271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
Size

68KB
MD5

2044c29daf24d2748c1de0924ad55809
SHA1

5df302cebad5b85a0bf06054361bf9a54ccfd2b0
SHA256

271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e
SHA512

ac66f6424f823605448f726bf16d3db80eef54b157a00702236dc9bdff055c6a98cdfeca84c0d066d10c8e302331df03d0c33bf896a1067836e727ede13a1e96
SSDEEP

1536:W7ZppApwEwnmJARJAaXxXNJdkCKPuJdkCKPNQmJ0QmJD:6pWpUnDXxX+QmJ0QmJD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3730) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.msi.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe

C:\Users\Admin\AppData\Local\Temp\271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe
"C:\Users\Admin\AppData\Local\Temp\271f246eed4c2a4bb5530e72da0c450bdf142b2da13f6cffe8f037134560f19e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
68KB

MD5
b88fc85cec71e55eb4aca7544719ef69

SHA1
0dfc7003ab7b4f81e8281b19b4da1a22da1b7b89

SHA256
a599e095193b88e941678da592ffdbebfda3de4b28187a46efa0dee12a2cc143

SHA512
7c045cc021c9c283fafd82ce302ca1f6fe3be2173d3823e7db51e25837963ac2dab068b99ccb11b0da596338dfd08ca52262ed3976851c019deb6e8869a74e9a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
82c465431ffed2d67a7ea3589516d750

SHA1
0b253c558cb5a769b6ffba6b64e19ca8108f0c3c

SHA256
09e72458199a87a341dac679846eac50bf58e12d4ccfd2a0ef0bf8dd0d8f0122

SHA512
f70cbd6c1f0f012af1b71b4056911ee1a887e2c6bc893a2524f904a5fec059998db37fbdc0ad4d17c569e5250dcdc1ca6d7fe731513562e3c6d78708baead661

Download Submit