55bab5d1b8c2947322b0ad3aa9a45bec8eac594a82eef6a800714714bfb4a2ab

Analysis

max time kernel
118s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0060aacb023236a897fb094a71fc120N.exe
Size

98KB
MD5

f0060aacb023236a897fb094a71fc120
SHA1

ba1953246562dcc2abaa1a45e73ee0bd09b029fe
SHA256

55bab5d1b8c2947322b0ad3aa9a45bec8eac594a82eef6a800714714bfb4a2ab
SHA512

ee4c794cb6627924abe58ac83c19f9ee3272c9ce8869d353dd7f0f13d85282208eba4a238be8ec1f49e1dd9d9ff0b3c4fedef6c69281ea0cb83301ca547cf88f
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhyEXBwzEXBwuqX:W7ZDpApYbWjIoPyPoLzV7c6Shw

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	f0060aacb023236a897fb094a71fc120N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0060aacb023236a897fb094a71fc120N.exe

C:\Users\Admin\AppData\Local\Temp\f0060aacb023236a897fb094a71fc120N.exe
"C:\Users\Admin\AppData\Local\Temp\f0060aacb023236a897fb094a71fc120N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
99KB

MD5
586b9ca5bc593ff9315cc32d22b70915

SHA1
556f2426ac1ecaafc609d7360ca5dc781979a457

SHA256
874b85d0ccae4cbcdb9abe671b98bf896dea6becb2474c56c7bf0d3b306b81d9

SHA512
6e87328356feb10477e4a6bd8d32c8ecf74000cbe5cbfb5b96ab34fcea3b83c44954dcac0743233f73209c5b231646c392e60a261dbd35aa91a39cbea5a13723

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
d8f3778253d83601db3ae2ad5553a79a

SHA1
4fdd42d86abcf7fb87381360f9280ee2ac9a134f

SHA256
6ca6fcc633ba3078cc4f462d5f98a974adb8b953611e2510d7f749170bcee24a

SHA512
2d52c4b54df7a06bd6ebd3b20d3b84226e9f9bea561e98602492db856d312a786e2037aa3c8bf331df305850d4c5fcc90b2052d37d6cdddc4eae55fe0498431b

Download Submit