23e2c75d7f2d69b0dec81bd3521b3122babe37a334e9402ab4287e9b672ef619

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54b0ec760163a9826918f61508774d70N.exe
Size

98KB
MD5

54b0ec760163a9826918f61508774d70
SHA1

51b4f546f59ad2bf34a678e8d30ab5235f126f2a
SHA256

23e2c75d7f2d69b0dec81bd3521b3122babe37a334e9402ab4287e9b672ef619
SHA512

f6047a622d4f29c91281a9f259b84fe0495d9e3cbe8423678580b124bd340994d1b7c25198a9cba9840a5591a053ba209818084c5fa69aeb4f13143d1e91d564
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSskV:6e7WpP9oVLQthbYY9oVLQthbUvG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2721) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\ExportUnblock.vdw.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	54b0ec760163a9826918f61508774d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	54b0ec760163a9826918f61508774d70N.exe

C:\Users\Admin\AppData\Local\Temp\54b0ec760163a9826918f61508774d70N.exe
"C:\Users\Admin\AppData\Local\Temp\54b0ec760163a9826918f61508774d70N.exe"
1⤵
- Drops file in Program Files directory
PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
98KB

MD5
589fefb57aac7815c83c1627583ed9ed

SHA1
bb1c6f530693f1e7be2f15193f1f1bab98445105

SHA256
214b5d5f2326c66b9cd389cd9d9c7d5caf27029d3c83c1386cf1000302c4ef93

SHA512
bcaacd84759d1886f7c8cd973b45b91dcb9aca0cbfdedc55ee64b305492ae8fe679d6c7208e72850a648ed9bdf09a601459b2bc0cdab1d2f70bd07b26a1b6334

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
c8b4358dd2b7d1d9a43c8ed10790ed64

SHA1
ab48537442f31ca6a18f9068dee25613370f351c

SHA256
f0567e8a6b4690661555c0abad239f77624af907cf3539c6c3c1f29f2a477953

SHA512
e903930354825213328910b9643ad29175f8d9a373c33bd61f9f53136925944d1eb063217d00f910ec0b2cadb448c37ea54a4c027d36bc2cac30e05c827856bb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads