a7e0817644c723091e08bbfedc7c153e68fa3b66b704ef4d54c36ffd92521398

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38c71c97d661550e08c40c5b1c058920N.exe
Size

53KB
MD5

38c71c97d661550e08c40c5b1c058920
SHA1

05c2e5737befd6bb6e4be9d5c6819aa94f2d2592
SHA256

a7e0817644c723091e08bbfedc7c153e68fa3b66b704ef4d54c36ffd92521398
SHA512

04cd267788ad2df9789f15f2a5c8423d6d770a458ddb49faa1d52196ee23cb726020ead780ffdebe88f1ba77e312043ee114ec96a75bf85b9787a5a7435483fb
SSDEEP

1536:W7ZppApB7tlJ5OvtlJ5OwF7CujdyGdyMMkPMkXwcwI:6pWpB7tcttFOuFwcwI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2813) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	38c71c97d661550e08c40c5b1c058920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	38c71c97d661550e08c40c5b1c058920N.exe

C:\Users\Admin\AppData\Local\Temp\38c71c97d661550e08c40c5b1c058920N.exe
"C:\Users\Admin\AppData\Local\Temp\38c71c97d661550e08c40c5b1c058920N.exe"
1⤵
- Drops file in Program Files directory
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
53KB

MD5
980240e1ef3f15964f2592230c8099db

SHA1
5eba8f6b7fc4af24a26f6aaa51f973d36f601e02

SHA256
e0c9d8b7d2e85cf1a1f568287d6d2d3dad73ae14e5a4ca80d851b6ba57b99cad

SHA512
0adbf2d3fbfdbaf4e848dd19dbca0e41d87b81fa47ff5bda5c85ca5e1e9688e5a526405f6922c7944a231e5d084c9d31f6d06f3965de602694faabac8107a1a1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
b8d7099cc5b6526806ce6302724aa912

SHA1
0a5715355a18e1a19c8fcef196f2568bed00d982

SHA256
95d32fe0b0227a530d1d5d72fac57ac10da1ad17606e7de39d19c9dc65295419

SHA512
9548ee3a14d60dcd79027cc41b5504e2bb2b64700a3a71275b421e0c2fbc46ceeeb98b7389a633959381348bb05ec39d328b202df6d742b0d172513aae7109f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads