086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 18:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
Size

44KB
MD5

2d0f315238a564c20c551fdb9e30d0b6
SHA1

36b119c86fd0b202b6ec8eb46c47198004456c01
SHA256

086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62
SHA512

68bb4f809c4d634e74f440ccdc792d90875eda9efd04e98fe72698d631b7d587642498560fa4496e66b2fbe8e377be985c76fc8309883ffde8fc806f52d5908c
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrdfvf/:W7BlpppARFbhknrdfvf/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3459) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\RenameUnregister.ocx.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe

C:\Users\Admin\AppData\Local\Temp\086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe
"C:\Users\Admin\AppData\Local\Temp\086e5ba07fdfa8a842b15b3c06b3ab55db434f85c95cab12ffbfb052fe2f2f62.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
44KB

MD5
9f2be8e228e225719d7acba003427f0e

SHA1
71c9e7775f98e3ca8a206d181297da2176b9560b

SHA256
d1abe7137214d475a194328d0716a850c5647dcbded64c61e7ba2df05b3fc6c5

SHA512
b4ad3acedae77464ab5634df85589143184e0a57ed854753af84b0fb841232b09a0756a97ed355259609ce4588ba8d758a7459c367a747eab73bca0fbe62d65b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
8f2c39a9289424f12922fa0e1940033f

SHA1
4338f29392a3d8a83ed97664fb47c4c911cf5849

SHA256
b999b3b4f7bdc3ec046fdf0a77aad60ed08a40b496531e18e0e9d02d0cfbfc8b

SHA512
6ed50855361b12d320348e681942bcdb498e0ba010bf8378c6dd343b9d6d184f6562eba1d3d7707f91628c7b793b14ba5ed27be4cc31c79e51d8ae1f53f6fcdb

Download Submit