0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
Size

53KB
MD5

3d579f179870c86d52512c65cd5aa565
SHA1

00c89de2c6c68196601215379596d27bb0f7a63c
SHA256

0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b
SHA512

88562dc8c1481e2f99880ecc2f10f9cfe33bf2f7505e8e1e0a2367310f8deba66c540240478f15687cf00e1db3f6bb8a48bad84baea7ca81a5baf562afe72cae
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtkYi+3lNrJrQ:W7ZhA7pApvOsOKCj1Q

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3767) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Media Player\WMPDMCCore.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe

C:\Users\Admin\AppData\Local\Temp\0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe
"C:\Users\Admin\AppData\Local\Temp\0fcc5a34e09938e0f49792317babcfc8b530920a63705a96a5cde49c32eea44b.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
53KB

MD5
7806df83686915afaf88c12437ffb082

SHA1
a2dc1a1b3a13bed389caf7f7d380e90e700bfe40

SHA256
70c85f53f6ddd2d46341ae2633d3c94fac2303da375293ed01b552691c03fe33

SHA512
3e9e3feb1135c6d3196bc9d5ccd68cdccb25afe3d4cdb1a89081890dd28615213969cfe5a2d2beb119e49c5c3c46479fba04df5289d62283736ce23f7ccbc3c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
303556064f6679511c292985d68019a1

SHA1
33ddd05b7eeb0f5453adf8f47d1278ca20d38404

SHA256
f925cc6bcdf3acf289b4eccb5477c48abbfd94f94f4ff7074126fff3c5089f57

SHA512
97f39e2031f34e5f646c69a90ca265a42766a8d09b24a95c22edf701c45c4ef31c4a117d1fc754ec3e03ee04ddea34eb03233c72f2a8e676880a83083bfba463

Download Submit