fddfbab9b6fad041744f777f76fdc99f7c3f1c88b4b31cfd36cc14af45fb77ff

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
Size

44KB
MD5

3fa1cc8be4d9c7a5f6c6b43b26d67a10
SHA1

a4c19029352655fbddddfafc5be8d118d4606d5e
SHA256

fddfbab9b6fad041744f777f76fdc99f7c3f1c88b4b31cfd36cc14af45fb77ff
SHA512

49b1633305064c745e2e01e489354722a8efc83db91ae47d737ed51b856eeec31af14359ec850a485013f8854403f99d84d1a2b5623c88b6306df539d5c9b052
SSDEEP

768:W7BlphA7pARFbhOm0CAbLg++PJHJzIWD+6/huEQhuEzFAo5fOiJu6OiJfo5fOiJu:W7ZhA7pApH1++PJHJX18EQ8EPePed

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3261) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe

C:\Users\Admin\AppData\Local\Temp\3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe
"C:\Users\Admin\AppData\Local\Temp\3fa1cc8be4d9c7a5f6c6b43b26d67a10N.exe"
1⤵
- Drops file in Program Files directory
PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
44KB

MD5
5e713033cf1843ab37e878119e97aaad

SHA1
aef2d6006c7d2b23026bf4dcb8e80938f19962bf

SHA256
79b63c2195640626050b6afba0a8b33bc4f0c1086473406675c3bae4176845f3

SHA512
eeb17f6422204a8506259e96de7444d3341f1ec1cf4b424c4936813926771b1e0ecf2cd1bc7535055b4ac7b0ca1b49943c921dc09de84f895c839650c4c4ccab

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
29bc52bf69f1d2b022b38499a5feda3b

SHA1
18926a54dfbe86718736a99c717aa0d7b02e3175

SHA256
e71cfbe25e8e2312c26a874cc78783d186f65f285f038682e7ffea8601f88994

SHA512
4aefa50a97eba2c8a916489efc1f34a1fd34d6f7818c4dafa0625084176a0563ac21d638e3bf8c6e9d9368454ffba8544cbf5872c9dab2a5dc775b3fdf98a938

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads