c073de727a89287cf50abb126bfe9dd3cdf7fa540635111f6945bdbb55c69149

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 08:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e32943f366ab2685a33c83787075670N.exe
Size

38KB
MD5

6e32943f366ab2685a33c83787075670
SHA1

f1f9e1d205c31558c5470a71ee0dc830e7be916a
SHA256

c073de727a89287cf50abb126bfe9dd3cdf7fa540635111f6945bdbb55c69149
SHA512

38581bfb338dc51ae485d691b5ed90ab6ba82323e410e8b8da4d19afba2396589a34b87624eb10cc0486083df2ddfc5ac60feeb120f82c0323bcf16f45046e12
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLUtO:W7ZppApBULcfpHLcfpyD3tO

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3343) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	6e32943f366ab2685a33c83787075670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	6e32943f366ab2685a33c83787075670N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e32943f366ab2685a33c83787075670N.exe

C:\Users\Admin\AppData\Local\Temp\6e32943f366ab2685a33c83787075670N.exe
"C:\Users\Admin\AppData\Local\Temp\6e32943f366ab2685a33c83787075670N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
39KB

MD5
2d11a974c62d3fc6c16d67495271b37f

SHA1
d118850a3ac9e5ba8f7275b989190b61c72177ee

SHA256
daedd36174e854a4be3b7f80d63632e8079fdee102353538a83c359ac4d7a215

SHA512
a1f37e6e40e4d4e6179322331e97394507178594e31d262cd2652f8e0b084c8239333c428c829a34cc0a3fb0f159aac10355c986f209949ed64747dfa639a4ca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
8259b418cef5f9862d88b092c510579e

SHA1
4c8135ba23724175532007bb50e8ba135ce44120

SHA256
6fcf1f28fb053e1c5e10a915a5175aad974f79a403202b27b62ce73029edc7e7

SHA512
e3e1b86a09a0fe158d64ea754ea01dc9c1ac960d3ec5ae8697b7593dc2d3ecffe32f79869d6047ba663b009dde3167e6dd95521e3fd59411d30afdaeb4c5e42b

Download Submit