21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
Size

40KB
MD5

4935cea28a21bbf3587f038dd1e6f467
SHA1

b12b3be2f3957f26309be13b34cab9c71c407b05
SHA256

21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb
SHA512

bb4ce27ddcd62f8022d6e80534ce231fd0cdb4f3f82bbebf333414ae028684562e542b8ec52a5bac44de33c130594b90faca1a24ac878d92d8061f2e6d903f6a
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBpR42L5FgAytBpW/7KmK8:W7BlpppARFbhjbhg42LcfpR42LcfpW/f

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4109) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\FM20.CHM.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\IACOM2.DLL.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\WATER.ELM.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\THMBNAIL.PNG.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif.tmp	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe

C:\Users\Admin\AppData\Local\Temp\21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe
"C:\Users\Admin\AppData\Local\Temp\21ff679da035cad23bea0f6a208ada6e11f30aea81f492455b215f3ed7d73adb.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
41KB

MD5
fb6ddba08bb401806f86fd4ad0f15abc

SHA1
c39a47099d52a049a589c1790ccbed03480521fb

SHA256
04340229ae44b57bdf6e6e8ac73dd0f4645547f03b04c78ad0a0e5d5eab7211c

SHA512
d7b95a9a44db1f60137f954bbd33484b7c126ea0c0974962d756f42de9ed745be5890bcb65cec209ae6070634b450daed93f09b4ab4e000e9d4d514ef84912d0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
01dae69841448809fafe4ff24fb955a6

SHA1
0fa3c2125d37961b175b22b982e0707ab669539a

SHA256
49d5150f34ea71fd11515e12539feee16d27c2ab70a81694fd2f017f6fb31cd6

SHA512
d5d4189f15c67fb4b981fd2de8872f451de72e0c29ce9103438c497f8b3b05139cd3a8378dce23d6702082801d5f0c8b6fa2cc0f47de745f2c2ef6b6399ae219

Download Submit