136c45902c61aab06d274daaaa987c922455f642896300d618c8f5b5a516144f

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a38852d42d1d17378cbd9a758326ee0N.exe
Size

42KB
MD5

7a38852d42d1d17378cbd9a758326ee0
SHA1

636496974eeab9ede1d7a3551c9f7ae0644924ad
SHA256

136c45902c61aab06d274daaaa987c922455f642896300d618c8f5b5a516144f
SHA512

accf55ca183c42c8f88ab4b8cf3819ef08eaa4d5b26ecf48f13c9077dd86dfb797d2f9d07a421ab8b26d897c1b98c8303063b2e6acccee2ffb0abeb6ed8ed044
SSDEEP

768:W7BlpppARFbhknrAqQ/Q6JYAJYMMF/2An:W7ZppApktshJYAJYDT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3373) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	7a38852d42d1d17378cbd9a758326ee0N.exe

C:\Users\Admin\AppData\Local\Temp\7a38852d42d1d17378cbd9a758326ee0N.exe
"C:\Users\Admin\AppData\Local\Temp\7a38852d42d1d17378cbd9a758326ee0N.exe"
1⤵
- Drops file in Program Files directory
PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
43KB

MD5
7fde132012bc63433306b6c746161f44

SHA1
62ff23bdaab87d6a507affa3e32a383d59239096

SHA256
de09d3abe4c5967bb71d1e9db860c721ab6a8841adff1cd36322e22b8382bf08

SHA512
eadf9bd3f79e00a07d2d517c50162895a725cddb6f9ede5d7e9d22ec0f7d490e1fe4cd970a621b0fb1b76ac3996024bdc5a25a3d263230b2b6767917b6c31859

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
b2abbba54918d84b117b3099f60382cf

SHA1
a45406ce375b72d792db9591bd106d3db45f82e1

SHA256
77b0ac0c296d01efa8a7ddb241f5fe4acbf0b49e322bc3709a4c611e1ef4bdd7

SHA512
68e95198feaf95645c487439ce34d960d3d6caf2c0b4e23a2147eada715080d584c0902150e612bfeeb0c09a18b9a99c45de38a3710c7c28aec6865b9533fef1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads