5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
Size

37KB
MD5

599f7c2433b3484b0474e027ba084e7c
SHA1

39a3a2e294e4241d21f72202196c9bfb67bc89f1
SHA256

5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c
SHA512

2a4c87c5db206450495a6ff01c7d83dcaee026f3b4c12a63ca6f00a4a56730958b1d78b24a7a40bdba1df6d5f17bfec31b187e28066d46c880be0a065bb9fe41
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhv3KueKudLl++KIIwX4IwXy:W7BlpppARFbhjbhPKueKudLw1bWrWy

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1365) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe

C:\Users\Admin\AppData\Local\Temp\5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe
"C:\Users\Admin\AppData\Local\Temp\5cffa659329d2ae888f8e2962b99c7493be0fd95a6aadcac9b57a261688a1f3c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
37KB

MD5
dbea21d0e0c0545f355b501450443bfd

SHA1
d3d6394bbce0bf804b6cb8b00e5531b88e6ce0e5

SHA256
c627bd98a47abf0d8cf15cdee0285f726043f2ab564764170dcbe9c2f3945cef

SHA512
d7e55423b9d5910c25bf31ec6a384baf5c878eb5db0760b5e0229c8f89f7e3941fb2bf63bc13148c8938968eed10e78ee343242a0d2e156095c14e0f981fd0aa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
d79d147fa50dfe9baa3825cbdb2cdfda

SHA1
b3c37e57546f51ec56ddf88fe4c8daf14a68a1b1

SHA256
1816aeeb6399004a89f89032788c5d2a39b918d44deb1a7af0ae72b4d39819e2

SHA512
bc493160c9ebc13e847a5dc7cf10164185b75a11b24a0c73d74c45d3f4bce3beb6764885250b7dd0fe24627a6ad438d54b877aa741ca7e672638c0b7a5f07ca6

Download Submit