c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-08-2024 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
Size

36KB
MD5

f76080774ed7dda11f7f1c9299fa5dec
SHA1

29d24c14d28bd021a544919e6a508b8b3f68730e
SHA256

c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9
SHA512

f4e6f5bbd71b49363c8e7da1eb8e4adf043ab86771e88eae7a7a67d268c0388abe493832fb34c746062c7195238407a063812d132a3b351065116b33e883dc68
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lttXT:W7ZhA7pApM21LOA1LOl6Al

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4118) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\CANYON.INF.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\WISC30.DLL.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\pidgenx.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\ConnectExit.mpa.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\flyout.css.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows NT\TableTextService\fr-FR\TableTextService.dll.mui.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe

C:\Users\Admin\AppData\Local\Temp\c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe
"C:\Users\Admin\AppData\Local\Temp\c263d5ccdb71ed23f71f70ef66e0aaa05da6bb4d8e57e4cac1f56a5c0509e2b9.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
36KB

MD5
009eb4cb392ea2df91cd3f67f43ba20c

SHA1
e0d75c294e3208a4a5156d0be7357f30becbb758

SHA256
61cafc0d081d9951fb708f9d01c7e4e0c1cbc1a1fbef9f5e278309a0de2b8cdc

SHA512
8adfd71f31c7caa2895895e39cbffa3c1e72b86b8b7c422cc1138ceb2cf0e17fa8fe3b93f531d87b16ab80e4b0af03b18acb7265098062368b200349081e1529

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
b4147bb0113b73b0ba0542e73e5c5403

SHA1
5ae9c3892ec6d0a2aae612f92cecad7cb60af258

SHA256
db5ac365a0cbf030e439d27f807518c1ed8670ccc0e96f90ae4c93aa94c002dc

SHA512
84ba1c84496e0ec6ce0f41baefaedf39505d24c173c0771857cbdf2f1558759445c82b9f9db6acc3be2cf978fe8e65ddac3c4065050e762316c9891c1351fcb2

Download Submit