77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
Size

57KB
MD5

aa969289eb6944adecbc69a4c0d010b4
SHA1

1230ea4963413c9e43623c3fb6ceed0953f7f454
SHA256

77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1
SHA512

2f289e58642d941ee51f8d32e1f0a610e8376a4681c9c025bf414d080b49f3f769af29abf43456341880aea8cf0fe62d2f39a15c6350e17b509fbe1daec0a8a1
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJcUYU30N7AVn0N7AVaYHGejGejnA2M:W7ZppApkxUYU30NQn0NQaYHGejGeu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3774) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DBGHELP.DLL.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe

C:\Users\Admin\AppData\Local\Temp\77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe
"C:\Users\Admin\AppData\Local\Temp\77627273be28004f9d039900428d32aecc0da6350ca2183a0ecc8224b82838a1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
58KB

MD5
2c32db6a60a1cbb5b3963a78adc0cb90

SHA1
e81653fb8c06a10ba75fad80c636a1a7ecc9c3ae

SHA256
6a2133e138c75b9c81a70b7b84fcc644050b14a629451ad4676c4fb0737cfea6

SHA512
f5b73149a404a295f8c4bbc902c2c548fd9d41ecf3fde324208c50916862116722ccd12640db33535b3db5a28aea97d384a9ee7227af34f89154cd270d297a52

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
5caaa00dcd5cb208ad1cc7b563b7a5d3

SHA1
f2b31e2c0e25c287f9ba9ea85def7f341369d94c

SHA256
30da1ab8c0eba63a02a29b6124fe7766f7c0548561787b7a78a9da61cfe6b992

SHA512
b8099d8f0a4ee372e9b7a6c9cb6ce674e00d3ab766add96e237367a4365a7f91d551044dd6ead976dec7489141ae6133d39d14d917a844f95b5aed94bb856730

Download Submit