96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
Size

76KB
MD5

1317a7016d3ca1162b5a312e992113ce
SHA1

821438351b3293f61bf7df07c5d36a9123c67389
SHA256

96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b
SHA512

6a058b0272e165b14e86bdc6b93674ea863f9e21bae3bf604e1a0f50c1496582f4c82d1b755f9f5ddf88a5041604d7d9ada9a43149a8e3dc898d3b5dd9fcf52a
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEI:/7ZQpApze+eJfFpsJOfFpsJ5Ddu7eM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3560) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe

C:\Users\Admin\AppData\Local\Temp\96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe
"C:\Users\Admin\AppData\Local\Temp\96bccd5b4290aa8a8f45870b2b9f403c42def1052047c70e0a44fc0f0e7cc80b.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
77KB

MD5
2756ed7225156f9de403d077ce9e5d7b

SHA1
cbdc6df5f23174390d14213e4e8734225884b97f

SHA256
0ea6d7fe2c53d94a308ecff1ee9bc7b28814dc083da39443a2010178f827d914

SHA512
c70e21babc11d76c6baa986264ea73fa3fc345828dc611c5703710cb7e53389185fac4ed7ac73e850d7230c191e320b11bfbed970cdbc99098d4b6e691adbac7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
66f163593ba5acf2e29dc13afee310c2

SHA1
b8c7241d28b13becdcc776aaef2baab2e0d8b670

SHA256
623a4479bdcf1590a2efdf27927b4be114d942b3e2fa69f23b2073325c27180c

SHA512
0a43305266c5eacd7707e3f9813101f110587713bd53322cbfe6d62337cc601fa7139cb59ced3466f3f0369c07597b514f9ebbd06070ba44b704d0b2c57eb59f

Download Submit
memory/2712-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2712-650-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download