980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
Size

62KB
MD5

6fa4c2d6985d05352e492a8ee4fe36a7
SHA1

4426515fe4456821ba499d660100509af35da83f
SHA256

980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34
SHA512

d349f8a13140d58f99542a1004b4fc4ec013dbb961870f0f2f49de58473f0236942c80f288f28f0ec85f0f6cdf30d6de607c651ae8e22eb0e7990a471c0094a8
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwcJdkCKPuJdkCKPiBcCBcu:W7ZppApAJdkCKPuJdkCKPG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3891) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ADO210.CHM.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\abcpy.ini.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_copy_plugin.dll.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEOLEDB.DLL.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe

C:\Users\Admin\AppData\Local\Temp\980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe
"C:\Users\Admin\AppData\Local\Temp\980d8eec608d186a95a9d6fabd3c0691745ca9ea02a63945e5522fdbdd42bf34.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
63KB

MD5
47aad7113f4d93aa607092844b0682e6

SHA1
0d111e781abca779005da79502e7037a91799cbe

SHA256
b4e6ae271ec7863b1120d2283e5f257516ccee23e7827ebd2bf0185d0223dad5

SHA512
9e9fe698f136e4e7dde1dc54eff20ef8b70c6e1717c761a40de198c530e4912b4305d10bff61d6ca6e96cb5f6a856569cdf61aac085b5dd6bd5b770c8849f5d7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
0d00927a5084366c9b9264c396175bd5

SHA1
ee3af2c902303bf8c0674367d8f573ac52d3f744

SHA256
9ec77eca5cb6da483413bcf35c3e07c3fb8a0d864023f3f6892b7f60ff616e59

SHA512
59c6c2f1ee49470f69e2d15ea555fa56c6cd7e5ab8bbbc687affd8e2aad4e7e0941bf09a0f98aaf83ce6865a0816c1b602d3e4c70c8a9cf72540e915216e9497

Download Submit