8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
Size

32KB
MD5

a6685246b9b71ee3c1c36335fbdce17a
SHA1

b21a21969dda2f69538ed8c6eb14284f0de29cf3
SHA256

8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332
SHA512

354e3e07f865fbc0fbc6dbf36cf6afb6f8ef1ac63d369a12d76e3a4416fd3b882a52cc4a7d9472eac06f60131a2e0859c2f9580b77fbec1d66bde478e645c31c
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvYD/DCgAgT9L:W7Blp2sspARFbhO9L

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3946) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\PREVIEW.GIF.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\MSCONV97.DLL.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe

C:\Users\Admin\AppData\Local\Temp\8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe
"C:\Users\Admin\AppData\Local\Temp\8064a258b9bd258a8f32842108f4db9b74300aa1fa3685dc76ba8bbe11de0332.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
33KB

MD5
d99fe1a54960ab5cb499c6a99f81529d

SHA1
7f3988dc7bf9c26f4843b5484e2ac95d1a863293

SHA256
b66d04e6c8d43ee0ca34dc303886d235aeeeb90f61e39d91ffea8d3f2ccda3c5

SHA512
dc08f9fbc387959c940ee63edd28de2580d8da93fcadf24e5611b9d168b0ac960e4509b57696b12237c7125eefd3f81eac277714f010ffc6a3c8d59849d2d864

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
41KB

MD5
74c815912d5fd62a1c3b14c1b3b212dd

SHA1
9692f1320d6b702722726df2aad185e3023fde43

SHA256
c31d4e02cf32d608e34e4f20f3ee1001404d183439bf6865f2e67fb0b534c307

SHA512
6cff45efdbd523d42653caaae032ba999af7600fda44bf681bc4f0c10261b8ba84803160b22f45093696800b34d5f416f5f3411627c402c88d365fddcbd68a67

Download Submit