a8fb0312c0474426caff47a03a23b7a237e32fa1fe163525e6b365aed06956d5

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76c7f3a500a3d42b82595fdcb84b90a0N.exe
Size

42KB
MD5

76c7f3a500a3d42b82595fdcb84b90a0
SHA1

a25a720688bf9ff9bbcdde5356a45495d4b9ac04
SHA256

a8fb0312c0474426caff47a03a23b7a237e32fa1fe163525e6b365aed06956d5
SHA512

93d806bb88e6dba84a5ef5e30717d40dccaf1842ecc20bb7d6694fbcd323fafdf78cf482c2a4fd41aeeafca05837177daea31e3927d47ffdaf239d058740c08f
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpT4wWJ:W7ZppApBULcfpHLcfp5WJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	76c7f3a500a3d42b82595fdcb84b90a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76c7f3a500a3d42b82595fdcb84b90a0N.exe

C:\Users\Admin\AppData\Local\Temp\76c7f3a500a3d42b82595fdcb84b90a0N.exe
"C:\Users\Admin\AppData\Local\Temp\76c7f3a500a3d42b82595fdcb84b90a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
42KB

MD5
ccc0e46149548558b8d45483fc13d9f0

SHA1
3f6fa4fcee6e58eafc4959518717d1cc68ea01dd

SHA256
ec906e70b420e99a3735023754b0a4bda0af2c8c25dc4fb1be04233cb46299db

SHA512
56feee56abc5002de98c867d7358ac70a1dad49926d066e745812c1ae54e89045a335886710bd52168dce41869884f2d155d743924aff3c93f358a42af5da998

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
c12fb9f43e44bc8bff7843b26344eff4

SHA1
48378ec83892bf44c86cc7e574a51175ebc9b0fe

SHA256
c6d203779e7d390fdd994022e127d5b54e92c0ea2e337f4756bbc04991fe39ad

SHA512
0d18b7dd150f673ddcb38f9751d1dc9bde4ec1323131149f5034339c585a9ee7aecc6a29ca673f0db90d8be3704ec72b84e2fe4ca7e685fb09c91ec15225b9f5

Download Submit