778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 23:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
Size

52KB
MD5

561ed89c3ab87ce3a34d78d2ce230d83
SHA1

35911b72b8a6d8f4de9412c3acf9038804c0c8c1
SHA256

778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b
SHA512

60c592ad9f7919cbfd4d4bd66c34af3be6f31d1442de4b5571719781c42dd2539fe3e8439924f07350a9463a22c80f4a287b3f96c95e7273c392289fd09adbd9
SSDEEP

768:/7BlpQpARFbhq1KX101je2/Qdme2/QdAe2/QdDe2/Qdme2/QdAe2/QdA:/7ZQpApq1w

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3772) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\RSSFeeds.css.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe

C:\Users\Admin\AppData\Local\Temp\778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe
"C:\Users\Admin\AppData\Local\Temp\778b29fb3570e62114e29dab7c2e0dd7b1fd3b1b65df0bf9f546b1abdd59970b.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
52KB

MD5
a536a18b9b0e93b61d2e60a08962156f

SHA1
a931accbeb8e91dbbddc26bca1dd55cc3038976d

SHA256
a3a6063314e74e9aedd1c01da1980688ac72d4c65b340889c8de545cb6f2ce2c

SHA512
fc9e5b5b3353bbf9759634df6c8c6e8cfbea18929dd717da8f9651ebdf99e58668bb56cb0bfbed5ad35368417a0c67fbe25dcd79cfc6b27a424914bc2cef6471

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
453d71ff5a5a3162c0648523fe99d93a

SHA1
ecf590102abf104290ad849a8e841cc936abb3e1

SHA256
1178d41290ec0fa85230a1b9e981198a8cdf18a4a42bc73b5bb02b40b2319dd8

SHA512
1acfa113f0511329c56483b460e58f2d5e787e8e08de80055090a67d51f7cfae3bbe96f5df77d9c53040c0c8c5f4da3b5fcfc2656251dd340f917b19f67e46c0

Download Submit
memory/1628-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download