ceb8dc6f4126b70561d76599b34761cf63a04d40b5dfa37af9e5394c9e10f381

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

669d92414c27c1224cbc84c92efe8550N.exe
Size

99KB
MD5

669d92414c27c1224cbc84c92efe8550
SHA1

c12987ba23cac1f13b3513c72eaec8dda252debb
SHA256

ceb8dc6f4126b70561d76599b34761cf63a04d40b5dfa37af9e5394c9e10f381
SHA512

955fa682ec40efb095c29ea23efa6b7e157c9fb9a77ac49b20ae28e214397ca77c46af36426abf2f7adc2278da66a2898346bec1618bf5b62b66f5b541b2622d
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBz:PqFF2Ie+effyx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3112) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	669d92414c27c1224cbc84c92efe8550N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	669d92414c27c1224cbc84c92efe8550N.exe

C:\Users\Admin\AppData\Local\Temp\669d92414c27c1224cbc84c92efe8550N.exe
"C:\Users\Admin\AppData\Local\Temp\669d92414c27c1224cbc84c92efe8550N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
99KB

MD5
806ec5339edb83540c130e9ce5a0fe8e

SHA1
b336b4bd9d24a894ff83c5aaac3089dd5c9d410a

SHA256
a84e8dcdbc06d3101914046a7b9c781b388aba2328e7284833fb24b5b09c4d12

SHA512
2671c6e51405bc65b6a4e0a9b2d1d12d434d297f140519520a2ac959397c7defa99de366be64ef7849789e80916611d9adadf35cbcac24900e1e9b0537d8227f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
108KB

MD5
613ba00fb4308f903d0f8cf3b2c26eb0

SHA1
a30117e3246dc5b6f8cfdb1f652fa09324781263

SHA256
af5b05243e3bf43228950bec6ae5d9de0ced03f16722bf3c3e96201f0d3e466f

SHA512
0ec817a15e18d8a4538acd608e3082e6d2a288455d42db36032d51a85de9ca87aa48f8d23434f401b6346706dca7fc60abd4f5d662fa409b3716a4515889c985

Download Submit