9638c8ffdecd58cb1cdba1889922821b5774e93d4ad187267651526dc51effbd

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a0f16fdabac998160206031bafbf950N.exe
Size

70KB
MD5

6a0f16fdabac998160206031bafbf950
SHA1

b9abecb5c5e94b71101418fd6b7aab45c5cfa608
SHA256

9638c8ffdecd58cb1cdba1889922821b5774e93d4ad187267651526dc51effbd
SHA512

bd20bb9a22fe7c63139e620b27c837e1460a4c4bd5175c204c4c8516623dc639334b343f52f8c5cf3d05f1d21f0904ca9ad0eae3e89c8f2322870004ddeb8982
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8Ue+bs:Te76WQSotbs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	6a0f16fdabac998160206031bafbf950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	6a0f16fdabac998160206031bafbf950N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6a0f16fdabac998160206031bafbf950N.exe

C:\Users\Admin\AppData\Local\Temp\6a0f16fdabac998160206031bafbf950N.exe
"C:\Users\Admin\AppData\Local\Temp\6a0f16fdabac998160206031bafbf950N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
70KB

MD5
d90c2ee547a8a937240f89c2c7ff507f

SHA1
8a6c11835a34198271d1211fdfef964aad8aeaca

SHA256
56c77c9d1db8ec2b4d6d8b834665cd0e8d8e8658d2a6a34606e8f813aa0d85d8

SHA512
a4d2c1d467e3f1731080c0fa171bc735fc97e8c95203385441d42165a67fbd194a9aa08fb1da069d11a370369286f80a6fd02138a625a0a3f9f8ee71aab112be

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
483bdf1edd8785ee1f9ec2950ab05332

SHA1
1ddb0786bae60f45087b1a717a02d12c5a2e9b52

SHA256
3028a1ea869f1f485f2329e862a88ba7f24e78d4b189b1c9d46d8d8996aaf67a

SHA512
2f20646adad26df34777200098cf191e69537c2a86913d05f4c95ef2622114318d527484a26135320e5923d34e899a2392cc366c1b656a068a2057b3ae91a374

Download Submit