13e23bbdb86ff1c536d3147ca7bab114311a848c179cf4913e1de846a7964b47

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/08/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
Size

44KB
MD5

0ff055e93b8fb31d0f9f77ea7d1fb360
SHA1

3ea3bafe33ded103b6d9fac7a09e7e7a15e611f5
SHA256

13e23bbdb86ff1c536d3147ca7bab114311a848c179cf4913e1de846a7964b47
SHA512

19b74c946b330c6fb9eecf06a0ff761c869c15e5626f827ffb542ccbf21a16cd5e5954205337e0ae8f93ecbaa3084e73997815e24d6b6c404bc934bac3306d29
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwRJofJoinI5nIX5f:W7ZppApaJofJoiww5f

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3391) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\ExportReset.dot.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\DisableApprove.M2T.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0ff055e93b8fb31d0f9f77ea7d1fb360N.exe

C:\Users\Admin\AppData\Local\Temp\0ff055e93b8fb31d0f9f77ea7d1fb360N.exe
"C:\Users\Admin\AppData\Local\Temp\0ff055e93b8fb31d0f9f77ea7d1fb360N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
45KB

MD5
1df7899cb7cde250654b2fbc45abd184

SHA1
6ac48d08f33c24603000e932643a7f6783cbc901

SHA256
bc24e41c8c0d7019ab68d03d664b1df5bb4b3ecd2be3e77c95fb672d7f620b8a

SHA512
fac5e2aa3cdafacb43fa8c17d484351cf22ad7a2ab03c33970968e44bc5b9852f2d859601ac962b8714818a92f8b8a8267755ad3ab2fc2b402fbb584acb7e32b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
750ac59ff1333e05d01d4c9741f61b80

SHA1
7eafe5c4863438a1a5532e588a5d3228ed28443d

SHA256
61c7aa58a1666a72bb512c32bc58a2306299a2a6622ad98cfef60f5f97749f83

SHA512
a6082704bf8ee89e16f518c2422da69242631ec56d8adc6858528c24993fd1dc725eee2fc0002b77d08a80a410f6c88ca748e4657b0297eec25122bdefcc6f01

Download Submit