207e99e5429116e89af206741153aa8f4eede0cd7ad8586ab27b81c59de3e0e8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6289cab9a0ad98f59040b8a8496596b0N.exe
Size

101KB
MD5

6289cab9a0ad98f59040b8a8496596b0
SHA1

7c10720ae6fb223f03879d4e9d42580121e105d8
SHA256

207e99e5429116e89af206741153aa8f4eede0cd7ad8586ab27b81c59de3e0e8
SHA512

3f92c10e7b1da2d9582d1af8a710db65a6cd21aa379ca8f6185fe972b94da3fa01b0161777bc0fab0513347e8624087632218630f585094a35336642c782cad8
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888U:Lpe+ekeP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2844) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	6289cab9a0ad98f59040b8a8496596b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6289cab9a0ad98f59040b8a8496596b0N.exe

C:\Users\Admin\AppData\Local\Temp\6289cab9a0ad98f59040b8a8496596b0N.exe
"C:\Users\Admin\AppData\Local\Temp\6289cab9a0ad98f59040b8a8496596b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
101KB

MD5
7ae8d58477ef6def1b5b838a5120bafa

SHA1
54e62dc35a41389db4119cf57f42bee7619b200f

SHA256
12274ae8ae7d32b96a05e3919fbcf4294b55bcf13896fabf61edcb4d08005ac4

SHA512
2a127fd1f3b14dec2fb3a02ed730c12c024264b7509233bc3f1cd43d50b33c9ca860f09d8ee56849963e07b6c97d7cd183210b881487c9c04c231cecc51d3c02

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
0182b1565aa3ec24ba0a549eec85b00e

SHA1
09061f9d5217c7ee0fd12aaae310d0c500ce3ac0

SHA256
f17779f9a7581363dbe12779c77fe2ddc595494b0e29a6be299d441879d06dbb

SHA512
03e460e2c6d0e75e975e8352e6cf1cdd5cbe84eddfb8fa3049cc5acd1193e4de8e9a1de3d96b930af7e6e685bc6057bb226eb4936b5c0c18a52293ff256eacbb

Download Submit
memory/1988-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download