7556fbf3bb4dae0367da9c081900592d8d205b340218c113a616915d1588f005

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdd7bc6c99862737259fef809bf580a0N.exe
Size

47KB
MD5

fdd7bc6c99862737259fef809bf580a0
SHA1

c0fbe51846fd60df7389df3ff56afa35bcab067f
SHA256

7556fbf3bb4dae0367da9c081900592d8d205b340218c113a616915d1588f005
SHA512

1972715bdb21aef948aa2309154e61adaa4b1850a80aee797a0585e268b8f66dbdb6d51b6fc8e94da852ba66131c398d00278c838a1714a49bf53aa4b67b6aac
SSDEEP

768:W7BlpppARFbhShZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNk+AhZ/D5zf6ydyf+aM:W7ZppApcZ/D5zf6ydyf+abMkF24kzK3Q

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3062) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	fdd7bc6c99862737259fef809bf580a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	fdd7bc6c99862737259fef809bf580a0N.exe

C:\Users\Admin\AppData\Local\Temp\fdd7bc6c99862737259fef809bf580a0N.exe
"C:\Users\Admin\AppData\Local\Temp\fdd7bc6c99862737259fef809bf580a0N.exe"
1⤵
- Drops file in Program Files directory
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
47KB

MD5
3a85e0c5508dc0e2adb3dc7e40c5307e

SHA1
70279fde335abfc4e48e9410c433c84e375cb2b9

SHA256
971fa7d6725e99c778b00deb009b63940b77b1a00d06321778f3f62503f30ff8

SHA512
95769531225fe2f801d4865e388fda9bdb5632557ea4997eedad1c8cf8b620240b633ec87005cc65a526a9d67df170dc00472747df894ffc00acbac37feb80da

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
2934b08d69cc013e35b092cd91759b54

SHA1
c0f27337a3bada5ebc866959c18898038f848194

SHA256
465ec0c25dc20ef2d14801ac5ec55163fc0718cd80a911afa1a605949c2c3e74

SHA512
98a3cffbc581cc3db3667824861a6a26fed8b55835bcf80cfe8ed7c27eb120b995f248fd17e3382798fc6a6b1cb553df40eefbfe4ecf153a7c71ed6446d8c2f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads