895b86327255c123583f613888ca68b15e843df67b8ef92b6883ffebbc16dec6

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f075712abc2dd0c21c8bcf7fb6c8e870N.exe
Size

34KB
MD5

f075712abc2dd0c21c8bcf7fb6c8e870
SHA1

9d371b8419d5002893bcc0ae7a8281b3d3640414
SHA256

895b86327255c123583f613888ca68b15e843df67b8ef92b6883ffebbc16dec6
SHA512

9a4f84427204bab811d3e1259265972d07ca7571f6c3b32ef6d395125d616a9e7b40eaa133f805d35758ed20a3d07fbb66a940e8e9e3a0584a09a8801d0a897c
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxjJY1MEY1MQ:yBs7Br5xjL8AgA71Fbhv/FaMVMQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3123) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	f075712abc2dd0c21c8bcf7fb6c8e870N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f075712abc2dd0c21c8bcf7fb6c8e870N.exe

C:\Users\Admin\AppData\Local\Temp\f075712abc2dd0c21c8bcf7fb6c8e870N.exe
"C:\Users\Admin\AppData\Local\Temp\f075712abc2dd0c21c8bcf7fb6c8e870N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
35KB

MD5
56d373853d58d57ebf7df214ea4571a7

SHA1
527cb5dfb3cd74bc8b1aabb4c6b147cdede506af

SHA256
6c419983df64b7eb5c0b354b1e5c25b8c9ba0a211489c30841c285747f2feb2b

SHA512
593885dccf4f571cc03695db92f1c40c9be791e9ce737fa71499015add2fe24b34605da562d257a6338d27a0e0189ef567bed4eb133a57ce7d9ec1d62cb3401a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
44KB

MD5
694f9e2d55f54ab0e291c6e62617eaf1

SHA1
7991cb1e27eadfdd54f12fa3364b9fd5c8e42161

SHA256
3ee0ba1b117c0abc6db55de87d70d7db45232482b453db1d38469bc2e1b3c7b9

SHA512
2c32e9b7ecdc5e56853d2185328b80c7168076d9da51034223ac7cf1024fcf20ab48c8b5b4f1abc893b2288737257651a7ce504716a5ecf5bd69f46cb248839f

Download Submit
memory/484-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/484-526-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download