7f614813bce7591ee7c1e112562071ba767afcf86a4629d564d0bd1daa70ff00

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69d997f9c7678bedd667f1c18f863c70N.exe
Size

37KB
MD5

69d997f9c7678bedd667f1c18f863c70
SHA1

8c12876c5dd47858d3ab79aec01695c06eedc5d8
SHA256

7f614813bce7591ee7c1e112562071ba767afcf86a4629d564d0bd1daa70ff00
SHA512

77df8085564b453fec8ad1e7c89fc8dfe4b3f0a3a7ab80c148cd47769d61c92da0a87079bb4b4169dd9b895209b2c1834e91c8f6ae3ac6dc362bbda9a7516c5f
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxjZ1GM2kS0Ie1GZ:yBs7Br5xjL8AgA71Fbhv/F40U0D6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2731) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	69d997f9c7678bedd667f1c18f863c70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	69d997f9c7678bedd667f1c18f863c70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	69d997f9c7678bedd667f1c18f863c70N.exe

C:\Users\Admin\AppData\Local\Temp\69d997f9c7678bedd667f1c18f863c70N.exe
"C:\Users\Admin\AppData\Local\Temp\69d997f9c7678bedd667f1c18f863c70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
37KB

MD5
cb62c27fd010cad4d82a9d1b8208e76f

SHA1
bd6eb72dbf5d70456b685ca87400876b374ccbea

SHA256
1f2c3e80b1fd580618008463814019dcc19ff6043366da74c94c6a1b837094a8

SHA512
09c454178b7e5fd4576579c241ab11cca087946f8bffc08b219a46e47c487ba3bff81ffe7e39fe0aa54d0067b21bbd330ba4347a6875f3f2a0c3aff3c55573f2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
001d11ac5924d80d92f3f2d6304f3baf

SHA1
4bb4426bde044318d4b98c1c4cef9e978d180dff

SHA256
0b6ad94808e294a91b9ff6de0ec139966ec30feb9f04866f789c7514e87cb8cc

SHA512
9d085cc205a2944b9e859d69218278ab589c13e7d6b136ebbfec75af6068fc05e8aa67b6c97402e8c8cee53c87e9e890db0b6a42fba006ad762dfe1216b7ec0b

Download Submit
memory/1940-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1940-160-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download