773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
Size

41KB
MD5

946f76f5da2acdce52e10280c56c456e
SHA1

96d377d033369456cd81ef39c2acf2ebf8b50bd0
SHA256

773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750
SHA512

cb7536a7482c09f26c74336e71da70c4d7173911721171b6be15be5eacea3085d677febbe1690acaf01eb9c8def65f838eefe641dba5f923350ff0247dd1d9da
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpXfxRfxaRHRe:W7ZppApBULcfpHLcfpXfxRfxaRHRe

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3786) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\settings.css.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\NewResolve.xls.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe

C:\Users\Admin\AppData\Local\Temp\773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe
"C:\Users\Admin\AppData\Local\Temp\773f7c88d93338ddd7611ed305325fc41167c90f0b5333aa25a26df49498d750.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
41KB

MD5
6972ec47b896eda6b04c773d3bb3835c

SHA1
77fb3c224e6bfac9d7ca3f0b012a3eda42626d89

SHA256
b2c97c2073cf962af76e85f0845015bd5ff8257c1cea61fdf9bcc6932d2d9b12

SHA512
02cf264535560a5e657fe31783a762b0ad839f90f0bf89844d5311f586236e22a79426d10bd77f41cda4dc63cb05319619940f4ba74f4e40d953805f169101af

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
4310f7524528f222ed5ff2ed54898ac0

SHA1
87b240b92cb63d0f45b3c15bbf26f0429748f383

SHA256
b0a34f22e9ebbe1be1f3729ea822f1b4574ae1321e0a93fe8b09a3e5fd4f55e5

SHA512
2e2213c3e2429639bbbff8456530d9db677d452e0830981c4c338d40f2adc1cfdb6203bd80dcab7370e393369c7bf966dbf216e7bfe0a80b2814171ef72d25af

Download Submit