82cae1141270f65eab38993b94c60ee533bf459211547bf85ca9dc7b76bdef27

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6db14ae372d63583503ca1c4b843bc80N.exe
Size

39KB
MD5

6db14ae372d63583503ca1c4b843bc80
SHA1

30ad3cb710100d4321ef655d815ddbd34f9bc7a1
SHA256

82cae1141270f65eab38993b94c60ee533bf459211547bf85ca9dc7b76bdef27
SHA512

0c60f21482c8f4e571bc1a104ce2328b262a3dff94f39fb526641c926494cfbbeec5685c092a17f0a006510932daa531cdf926106f947d640077c7f9f6cc00e8
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHBDPeLS9I/sExeLS9IR:yBs7Br5xjL8AgA71Fbhv3UnUM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1399) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\AddWrite.ttf.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	6db14ae372d63583503ca1c4b843bc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	6db14ae372d63583503ca1c4b843bc80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6db14ae372d63583503ca1c4b843bc80N.exe

C:\Users\Admin\AppData\Local\Temp\6db14ae372d63583503ca1c4b843bc80N.exe
"C:\Users\Admin\AppData\Local\Temp\6db14ae372d63583503ca1c4b843bc80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
39KB

MD5
a6b2bcdf5e1c52928d8bcdc9abf27563

SHA1
a1af02870b4503e69c1dcad8676ba159f66c4128

SHA256
5c07c1c08e9c90595027fe93fde9a448a55d4d1f395b2bc88ac6d04b5ca60ca7

SHA512
2e5494f1661a0f2d80c7d67e5134fc27e34e4541aa52b03f31aa4f3aec3027689b650a10ffd0843a89c4ccaf36d8ba73f1d1522e7d69b18837abf190331ae30a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
da1193937ea291186ff76ef821e9678b

SHA1
b842dd0ac7d8f10e42143410bd1e5c9df9ea2ecd

SHA256
9b977081fe2857a7679e2c075843a4b2ac16fa15f01c2f67aa9d827bdedd886d

SHA512
6ec3bbbbac9c9523b10ec8831b7ab744b59f6d3f7507d6d08a3415a2e61cf81c31f756243b07143d29a6f0ce6a715496bce5051dfe58e23e98ae7fe507894f76

Download Submit
memory/1708-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-126-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download