0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
Size

48KB
MD5

826a7010ec165a770457cf2f9e385abe
SHA1

dc0daf34dd23a437005722b8deedd1d332cce289
SHA256

0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8
SHA512

800bb887e8d7e9a687eea2685beca59ff8d41f0f4afc81ea7d0f4b9d55f638dfae293b426a21a2ce7812a978c045e487009cb2694afbd9a7702effbc923fb562
SSDEEP

1536:W7ZhA7pApM21LOA1LOl6u0NQn0NQmuH9uHx:6e7WpMgLOiLOp0NQn0NQmuduR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3750) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchui.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\localizedStrings.js.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css.tmp	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe

C:\Users\Admin\AppData\Local\Temp\0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe
"C:\Users\Admin\AppData\Local\Temp\0716cb6cce276fe77cff25943995eb185b21c1179d9f1d823e558a9f2e9e64e8.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
48KB

MD5
74eeb75ebf537dbcf50e26530f05c7d0

SHA1
e73b9902cc92ef806fa7c8ae6908591c5fd5b4df

SHA256
8ff6fade0414e65806da06e358385667e7dc2e0e743458933383d0afe7f8f212

SHA512
82fcc5e8c03016b53e83cfcfde9b0ff7b6c9956e89644126ec3e3dab9ca7e1c19d4fff883db2147a3fb033c3b5b73080dd9470dfa9564402fc49cc44001eace9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
19681ca8230fed69d7b5629016e7fa5d

SHA1
018db1db739d8e84a42ce1bb4b8bc264e6d0c0d2

SHA256
86358aab8dfb42600b1c488a50145f9e1a13da85395708511631e78de8c74d7e

SHA512
ffacdf4c557ab9cda0c643ec2836f382c7a305d78984bafc6a774f6b96543931eb6e78ec007bc3d74f8acc732a6118fe0344980b8797182ff7560e1803e7582e

Download Submit