76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
Size

57KB
MD5

da91aa13badd5f5668c7d6c1313731db
SHA1

31649b1ed47dbe92b143b62e3fe55ce0892f4f94
SHA256

76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44
SHA512

3007999fab371de55652514e212e7fb4e04062651600aab70bd76adc30ac8a051eb866c230c4244c5a1c76afc5e11353c3643db8242669a65b03b5d61d14e46c
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxqIOIQ:6pWpBwchcV2WxqIOIQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\weather.js.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DebugGet.ogg.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe

C:\Users\Admin\AppData\Local\Temp\76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe
"C:\Users\Admin\AppData\Local\Temp\76c640ffcbf1ae77b71a0858d9da206427942f8ec79e2038634c551244fc0a44.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
58KB

MD5
a0784ebb673336c2fd1cb95f125ece61

SHA1
f785585ebab36f21877a768ff3cbdb2f6d910611

SHA256
0e2345a97e744811bff4aa1a689aec46c67aaa33696896c4d0d539ee6c1dfb36

SHA512
de44da3993a8fd9103bab2e23f96fd974918b48d3e556d33282663d968df5235466e12a97aa4efbf4fe49f50050dde2d93a6bec44d8205d8f44a7971dd6764ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
16833a8a74366abd47e6ab24088b4a4c

SHA1
8ab6b504323610e742674e773aae52fe72be426d

SHA256
5247b20f7127d7eb7b6429236695293b5ce22b7a5601ebef7df57d860213ed2d

SHA512
bc77e5f1643b2885e9d1d3005c3feaa11df54a5f764aabc75a187638091c2a97dd8b5e240ee196a704593ad52ab88f9bba587721bc465bdea5a34c62741f1306

Download Submit