7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
Size

57KB
MD5

6ff43b1450df9227e1bd3469b9430312
SHA1

024a4ce1b35cecd81eddf57a22db084a2d6d2b54
SHA256

7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc
SHA512

f4a196cc6d87301c911d2c9ebddbee7560d7f57778d3f607e6bae4fcfcdac783d3ceb8eb3f9b74649e86d110e9f1ae02b53a497891d7aae3fd2175909c3b491a
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7lSKSW7afHFCSW7afHFIkm:W7ZhA7pApw03vR03vxSKSWu0SWu2km

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3796) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\RSSFeeds.js.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\GIFIMP32.FLT.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODBC.DLL.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.tmp	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe

C:\Users\Admin\AppData\Local\Temp\7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe
"C:\Users\Admin\AppData\Local\Temp\7adc344942d7215b5a417b4a9e881d474cf7eacdf8690fa4df38234259dca0bc.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
57KB

MD5
5476ee203a3c252a9658d85fbb251475

SHA1
6a9aa45402acb372040820ff727b404bbab4e463

SHA256
d3340a8dec2fbca280ecfb7bbbb17292fe02d03824f7cfbec7ccb0d7b435c962

SHA512
a5c53ca746b74e8657d49f324397a86ecf97a34df009157ee9bb1cd4fc5be267b73a0befe25591281afad1bfad942d59e691a1e362ac06124c433aa899c247aa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
6ed8c5115bddae5fcf2104bdd33bf385

SHA1
09c407e765a47a5c9fd2e9e029773bb9da610ff0

SHA256
296ca844a1887ab875b71f577e5b4cf2bd2e09c01a200964810849ab596d4a4c

SHA512
554b97e30f5f94fdb8171eff6c47b8c08214bb06ab30914f5b85f5859104bb379f4f9ce94c9249ef7888cdb31c329b07385ea90a48e0f106452aea52d092148a

Download Submit