d6dc93bad0dbb6a767df7092ee0a39010c026a7a939cdc98ef267d3466704607

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ebedd523dfab739490299f54a0ea010N.exe
Size

44KB
MD5

5ebedd523dfab739490299f54a0ea010
SHA1

1cae87495d393701cff3d13b4b993a6c77d7e7f4
SHA256

d6dc93bad0dbb6a767df7092ee0a39010c026a7a939cdc98ef267d3466704607
SHA512

e2e0681de5d31eb7b8b6e2ee542623cea45b4d2626895ab6f5514826e0cf002c65c975de8810e9a41e949564b137ee83b366a4a982571a1784c13a1942584445
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwNqikTqikW:W7ZppApyqikTqikW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3328) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\StopSwitch.wmv.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	5ebedd523dfab739490299f54a0ea010N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	5ebedd523dfab739490299f54a0ea010N.exe

C:\Users\Admin\AppData\Local\Temp\5ebedd523dfab739490299f54a0ea010N.exe
"C:\Users\Admin\AppData\Local\Temp\5ebedd523dfab739490299f54a0ea010N.exe"
1⤵
- Drops file in Program Files directory
PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
45KB

MD5
6cb9acd31f5121785f5562c70cf06253

SHA1
4e3d453b5e6c663ee64953879c520dc39ab76f32

SHA256
b7d6e0f1f08cf072448cfaa2c35ded29aa8ee652b83be3b9acf07d7ee3578369

SHA512
30354ccc75198946fdcf8ae87a21d6849006fc69c17498ece57c665c7935c6cbde8b5746c236d01980b25a898462bfa01971490ad569da66b087b6a6775ffb28

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
5611bf157c3b5443ad3537e711ee6d4d

SHA1
a357f2d4018e1d1d0bbc362999794c60b4a15914

SHA256
52bcdb7043dcdab90502846fc5d65ad2bd1cc9bfae7438da2eacc32220df11d0

SHA512
bd33ed5c196318bcac3ea9ece15f48f0e0b5c537088c953eae93a92ac128924a08f73e167710eb3ffd8c9461dfd1240888c6138344f3d4446005cbdc9c77e0ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads