06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
Size

37KB
MD5

7ede1cf1a0e13c0ded26499c16d37ca9
SHA1

39b439f68572e6dfc5aec7df61e56cb254a0c76f
SHA256

06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52
SHA512

4534d36b676506b4c36f17e924d1b76b62f85a12376d0e32d220417c5196d6d3622ab50ea0ebfe4d64e1680862dc370256ef4eded39038dbfdcc2a6344c5f51c
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LObC8p8A6:W7ZhA7pApM21LOA1LON6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3798) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEDAO.DLL.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.HLP.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe

C:\Users\Admin\AppData\Local\Temp\06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe
"C:\Users\Admin\AppData\Local\Temp\06c1a43fbcaf4a74ee1410ba0aed302c9026545b0e9ee197b99440ea8d134e52.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
37KB

MD5
b8cb2f2f9191d0f25433d905c262a591

SHA1
d28fd4a3ff854aa7646d0b1cfc5a394302919bbe

SHA256
4e194f18b3cf80fc7055d887209625313cdd40c2e2638fa03715d29c5eed527c

SHA512
4a160847a29c0e13768cde989554f78bc72486a37c7ab8bfff9a429c3103c5a51db990f82e4292a962e454118f073da18c2f1b0437f6514305e023588144f858

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
14e5a22adacadfc0485d4544ac9462d1

SHA1
931617733b42d4cd4731610591e033ee53b76aaa

SHA256
210bb2e3adaf4d4ea795ab22bccb6027772ddb1162b8c255b75dacafe1fcbfe7

SHA512
ed0f0ed9eda04f9415570111f091890530461ca533d627ffff1677fa743f5b24a734aaa636d80c89f5c49de32a848238210b22a36458401d32190f2357a707bf

Download Submit