80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
Size

77KB
MD5

c294311e04c7aa4be1a0ae4540ac2a0e
SHA1

606bdc962865ca273d6257e6f2b21c132e8b4839
SHA256

80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2
SHA512

0cb3ba216af3f63e3a2e9d6dc32566829952ca3d06558f67c9e37905383a6bd4227b310dd1f1eed22ee923dea51c6b8aafad3690a9498f014610c8e978667b1c
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfHjtmjtd5NaMR5NaBQNNXiB:/7BlpQpARFbhiWb8naOnaBGNXiB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3684) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Journal\NBDoc.DLL.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe

C:\Users\Admin\AppData\Local\Temp\80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe
"C:\Users\Admin\AppData\Local\Temp\80f1882fbf7d930a5a069010a5adc26c568b5db9e8d9a7368bf10139464b5bb2.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
78KB

MD5
083a002a614a40524068807c66e09dde

SHA1
e83fcfed0a32c04dbcfc1e9cde8f654f1f6bc27d

SHA256
24248963818cacb1af2526f755b67359f0f38398dc144601c8280f0890c54203

SHA512
3709a562e45470b5aa3cce56cf5e7be8c579138f6f34c8bf47dc9f3dcba68dc081d98b949bc5cfe5e29feaafd3c4e7fde6e2c92077d170173b4a034d1e2c5f63

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
cfee996025da21dfcb4b118edf99cdc0

SHA1
5b564921e4f6ae92e1ea29b89dafecdd880c1558

SHA256
33a2ffc49950b5e09012ef7c7ef4f74e7e5b76d938084e58bd8ac18dfe984ca3

SHA512
2ed09ef40b09d7fda4c23da0623b81f73ae3ab3a11503fc4ea99fed3fafe37d549c3022724475379d5c829db2547758146d310757ec10c52cd876be572a99f3d

Download Submit
memory/2584-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2584-652-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download