08f060aefce7f90c31feb881ba26ec0b031a7825a30b4404fcf09bcc97f062a3

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
Size

269KB
MD5

94ef1e3fd48589e00327c5c3d3d3f8f0
SHA1

c7598f2fa4000cc9df94a6971aacafd77053647b
SHA256

08f060aefce7f90c31feb881ba26ec0b031a7825a30b4404fcf09bcc97f062a3
SHA512

45f8a644b0066fdec81d61c2d64a8b8e5389eea6f13af7bc0618f6eccd9a958971c4b2ad8a6f14d9f17e8d67fd292cea2608a9ef486c6d5351fa222037dd0479
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IQdcbGVzkc5jdchVzsc55:Te76WQSohsUsWU9BK3Qmy1dmh1D3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1949) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	94ef1e3fd48589e00327c5c3d3d3f8f0N.exe

C:\Users\Admin\AppData\Local\Temp\94ef1e3fd48589e00327c5c3d3d3f8f0N.exe
"C:\Users\Admin\AppData\Local\Temp\94ef1e3fd48589e00327c5c3d3d3f8f0N.exe"
1⤵
- Drops file in Program Files directory
PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
269KB

MD5
bfd7c0ba545c4c7bbab16699903515b1

SHA1
f903923ef7ea9457fb8ff0c4ddae29868a393baf

SHA256
255cfce8771d7309a753391a8629b03e55cec0a55f50d4cd3a3c0eb90833060a

SHA512
72c42b5719e5e495443a1d6d48dd5f8cd84aca5eccd7625687e0f057b0575f0e75326335291486f5f308985255179ed0fd8ff7e12aa1e17e822b7993d981e39c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
278KB

MD5
cfae015fff182b309b0907e000f4e89f

SHA1
9cc5069a43677b8346563e76c1d78f3aded00cf5

SHA256
11141efeaa1f55106c89af1a900124b90f9f35da56b7bbd2cac20171ae1f1856

SHA512
7969ab4ea136ace233c33d9f54ba6afd403c71c91c92d96e72d71c77f463d66de351464f5c643e3be6bd3fc854690abd8c7ea9ca97d0d30aca89405d4574a7a2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads