6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
Size

49KB
MD5

29f1307d43ae0d00c3676f9b64175921
SHA1

67e63e8f88918d870d48cd8691f4efa470335796
SHA256

6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0
SHA512

990ae9d78f299594f307437cffa3565dcaebcf9f169b594de7fab99a80aa2e0ec76101c01c587512ea61bfa4737e4b5967d79c69af1c87283cce49a040d504ca
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJr4S04SCzwzwl/Nl/Y:/7BlpQpARFbhq1KX101GIGjY

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3733) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\micaut.dll.mui.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe

C:\Users\Admin\AppData\Local\Temp\6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe
"C:\Users\Admin\AppData\Local\Temp\6d79c7b077c21e4786f0da8be2b2a141c7a062321161064fbbaaf12e9d7befd0.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
49KB

MD5
859e976b1b82bb4c515df8cd60d4dd7b

SHA1
d6707f3cc6b296da98518ef55a40e556cff200e5

SHA256
17b8f3d475b537e6ab42492c35b7d251460b3d004cb77e96983769aa615c9e6b

SHA512
c14a8dc560bbd220e9d9e2df3349c7d78bad6900497598df2585b22203376f0b9f584f27f8e6ef081b5b951f184001d4cbe9aa5efbc38aca8f33ad43ea6d028a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
a41dacd97fbc8d48d9fc2308e196d2c8

SHA1
cd7c4ac17c0734dba6e9135f3c88a4049fe12790

SHA256
2c8a83192dd363ba5589607157101bc985465d725c6c871fdf10f1b65e307094

SHA512
705c0f94cc945a6163bfc58ac8893c4dad9ff1aca0acb835066dd410e5482e69e3f08d74bd37ff09fae63f91e6244a38cc89228e103d0bd1af119f900c19c52f

Download Submit
memory/2824-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download