ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
Size

33KB
MD5

a349ffd4a0aa912e105df4c4c14a2689
SHA1

f53353edcc336adcccc6f8b6e1a9d6cdd8f81a06
SHA256

ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d
SHA512

0b103576d2f283ec1dda909bf45d4fb58d41ccb8d18d85ef2cead16fc6b3fbe40d4d4b4b597939ddefac995e3800b672d4beee43d42393389c020d1c3648f0d5
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nr5Ix:W7BlpppARFbhknr5Ix

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3321) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe

C:\Users\Admin\AppData\Local\Temp\ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe
"C:\Users\Admin\AppData\Local\Temp\ecd5556dc957c040afd04b7f44d307b18fd7f3a12e62eccc8f9a8e0fb43c619d.exe"
1⤵
- Drops file in Program Files directory
PID:1368

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
34KB

MD5
e477d262ca38b6fbaed31b1becf86f28

SHA1
2a6e2fe3121a6383928f4a155e8a205ff6c48c28

SHA256
77bd8f142a2e21da0979c1dd4b9061061a88b3627281d5c22a4065b9dee4ae5d

SHA512
b57a684e825d8705188ff22924ae70d54077709daa9a5e7ff413681c065c101d56ca9da5e015c08769b2b745ffeac3514b81a72875b4021774ba3ace6409eaec

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
43KB

MD5
d8909113c8b3a8b27b820900b782f0a3

SHA1
e40de73709e1bfda885f259efaa6e82c00326727

SHA256
c9bc14c09e1093561ad3f51951d9ca103b83e56e7f0db80b0d2a4ec21d444b85

SHA512
3638ffb80c4c5626a9b9366d05f1eaee0e12d00e3a8f4f75b3046e0e9b932d9f5f47b062fd40a4cf5827584245cf907d7e261954f5421bc281bf7bcfe3198644

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads