7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 01:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
Size

52KB
MD5

a03e43913a4eeffe42fba82afd46204f
SHA1

1ba6fc483909025d003f5e9d5e972df7396e8212
SHA256

7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b
SHA512

7c65b8e7087635c8279d4bc67fcb09e2bb4eb6d5eb96486ef0eaf2c84e510a22112d82225e73150fe0cde63ad1f51cab026924b1d3a70bd1603c77d2cade9125
SSDEEP

1536:W7ZhA7pApVGdsGagj/NQdsGagj/Nyv46Ov46tTItTIE:6e7WpVRTItTIE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3705) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\abcpy.ini.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\APIFile_8.ico.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\ExitRequest.doc.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe

C:\Users\Admin\AppData\Local\Temp\7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe
"C:\Users\Admin\AppData\Local\Temp\7fce18aa3d8c7a3da81ceffb354a425723b5c6052367b530aa4ca0518f10fc3b.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
52KB

MD5
01255b4be550557b11cad971c155edd3

SHA1
d77e61ab0f2df62ca3dd7253db8af80651d70288

SHA256
0dab37bfd352abbac04d1b83027e96ecaecfaf9baf5054240b263f2d96c9a939

SHA512
c6ffdd7cfa6eebc7b2285ab67d95fde75885bf281a8a37ae75218e8a3287dbd4e3cc1ffedd1fc5388bf5dcdfaca8d0450b9b3041fc2def0922e384f6a770f399

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
6170153e6d589a2c55b3046ca2eccb3d

SHA1
a42b2074e35229ec62a9fd973eaff2886f71d76e

SHA256
5c4e0bdc3c830cf5770731c606a35abfc336430bd272f22f4624e945131b64f0

SHA512
bfbc7d25aa6305e65c1cc2d8c0bf37ff6afbc8ee2d0d2faffea1e014b3f9f30d7b59d22fa5d89e5276304362c019b5a8f299e7bfe3f8639daa6d01887c8953a8

Download Submit