06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
Size

49KB
MD5

1679983112e8e50462033a82a77b42ea
SHA1

b6a91416c17f9c566f93d7657ae6d39a532ccdf2
SHA256

06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b
SHA512

9e145e8b82230023305acf355947b111d3eebcb2ec548032516da3d90995573affe01bdb5f0db59dc76558baabb235207db5bfcc59b0c8f178c45199f0f811e1
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvdJIDIe3V2OkxN2OkxLyM1isyM1i0oOszGbb/fxAaZl:W7BlpNLpARFbh4se3pUatOz2D7U6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Windows Mail\wab.exe.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe

C:\Users\Admin\AppData\Local\Temp\06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe
"C:\Users\Admin\AppData\Local\Temp\06bd28735f2944a7e417b38bc6753c2dc1f492b3fab6b818e8bcac5bee9ecf5b.exe"
1⤵
- Drops file in Program Files directory
PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
49KB

MD5
971a61cb93ea339cfa17e317efc8d2e2

SHA1
109344805af97a9749541d5c333343677886a817

SHA256
a5bc955b48ac466aa4acee93da1364d3e7205e51e7ad1778a00eafa3e21c096e

SHA512
a351651db26c0720f7fe0ad6a966cbccfdeb9266d98a45eb148dcba3065a13f20e64df7ecdf49adfe0a03b953f50a2374c2d47d0bc2a5c67802605db8ac7150a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
86cec0dea7b44fac77144b1803cc6994

SHA1
9662f7ff0acee3c67164078da59067eb4df6ae62

SHA256
6182a326f5c9d5219322b5fbc3de45348065be66de083e7e3abbaaeb93d791f8

SHA512
c6c196c26afa8813a7c966b2786aad28aaf64aedf9a2e4ef9554ebce4bcb3349d0ebdaa1f942cb93a68533cc377f39ecc665eda238ffe43943859aabaf2de74d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads