2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
Size

45KB
MD5

93958f6371dec5583dd2b15feb9b3a45
SHA1

18c47bae7bd2349e857eeb84e30c14f7bf0c9447
SHA256

2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270
SHA512

d2b0b494b417512c453882ea421e4be6ea7b049b7f8fb513f170ebb6620512a8d1778941b6d40c17e7a0a18a6b0b9524c9c2a0e9d6d65c8234ef9eb5663942b5
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLLeUe9:W7ZppApBULcfpHLcfpyDyeUe9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1025) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe

C:\Users\Admin\AppData\Local\Temp\2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe
"C:\Users\Admin\AppData\Local\Temp\2f8956cfa071807c3d718cd3c47aa688af600543995446b59c1b77b31a0e4270.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
45KB

MD5
39c5e565c28e35216c85bea81ee0b916

SHA1
6bf5f5d14995f7ee0be488c18d2560d5b9448b3c

SHA256
49df97a6f7b07026f1fdba3472dc0dc9034c939c5414e897dfab8cf2bfc58549

SHA512
b8f26a9a262fc39d4c2c7ec1f33a76fed96aa9368c6ede83c8710dac89ea503c4ac9388e365a21eaf5591c534fdc39816d91adc7204845d1f6ae6d70a537f651

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
b6ccb8be69b5c74a3531e8cf774ee194

SHA1
2db8502516b463554d9277310bff99cce9e14d46

SHA256
7c6dcf93713e6569e4f5fc50ce4088f4f0a17c35bd0c7571872a42902edb603b

SHA512
1cc0f67f53fd446501f95853447ae674802f5c8b77b1c9be4e59a8edea03c313331ef7960015e327a21563d323ec7a349cbe8d9ca2134de032adf28ff40a46de

Download Submit