f4202f737c2b7b0b912ad829fc35955511451c80b4a44471b72bb155fd7a9c65

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 03:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

868c4742d91898a68262bd495e0377e0N.exe
Size

58KB
MD5

868c4742d91898a68262bd495e0377e0
SHA1

2ebab7bb299891fa179733676431773d7691f125
SHA256

f4202f737c2b7b0b912ad829fc35955511451c80b4a44471b72bb155fd7a9c65
SHA512

6365216d1b8334469e2a40ae1c801f4c382150158bc2f48421af29d25346ca6028378bfc46a8ceb95fb020521c0b091b95dfa867e38c04cf7bff4e5420b6e86e
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q89Q5:Te76WQSol

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2711) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	868c4742d91898a68262bd495e0377e0N.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	868c4742d91898a68262bd495e0377e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	868c4742d91898a68262bd495e0377e0N.exe

C:\Users\Admin\AppData\Local\Temp\868c4742d91898a68262bd495e0377e0N.exe
"C:\Users\Admin\AppData\Local\Temp\868c4742d91898a68262bd495e0377e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
58KB

MD5
14c9707c0475210b38e6e22c68461da3

SHA1
3c1f100436097241b63c4d598ad547940774e9fe

SHA256
9a829a054ecfc875bfd47a9069a5eff8038b2d90934cdbb863e926b1261d02aa

SHA512
c7f9605208d5379ab159f828a8aa4b399601bd7f00eb67a995461da78793d151479d1f9a90be060f009af4f19cca25d9f7e2d49019610ba99d4fd1431d076dbc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
96f0e7d3f3cc5504d099f58f5429c6a1

SHA1
711532bdf7a536d930482dc9e6f5b7635990b13b

SHA256
4cfe1c082470cd68db502569c0cef0ced27ba2d4c3eec39d1e4bda68c6037c47

SHA512
2805a152e774b23c5edceb235b19ea34a0ed9673eef7f6fc6873f43b6a470fe3a83a6faa448b62e76b7f3442cb0cb330a48204a71f1e753e7c9a7580c781d258

Download Submit