ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
Size

94KB
MD5

bfff451d0911a3ba67db0545eb1deb73
SHA1

242f040a99d2b0b9c665eb89944f7933dca3819f
SHA256

ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a
SHA512

5c028f9569632feadddf8ff6a10d807e82a6be446299bb9e0ceb8bbfd0117566c00c745daf98eb38205bf381793a4c79f3cf921fae8042c8b25d0d5b031de763
SSDEEP

1536:W7Z2sspApGg7bobSM+t58qKcAK+j4nI4VfNgZ11PED4gJQeAAUZa0EzOM6:62ssWpGgrM+t58qKcAK+j4n7ByeFUN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe.tmp	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe

C:\Users\Admin\AppData\Local\Temp\ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe
"C:\Users\Admin\AppData\Local\Temp\ac1fedebb66bb140fd0b127f0ac835fcb9818aaf8b897fbe8a0eed9493cf168a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
94KB

MD5
bbb6037dde8f5881fd30ca77c30e2c7d

SHA1
cdaf9bc4c9a089459308481de64c3365ec899b7f

SHA256
2e306682b96d6732fdaaef9d58a1c5ee5c8f317dbb8d34ff0f5c69b5310ad8d7

SHA512
6bd582321ced3a57c51ca99467cc75695354b83cff6eef8e26fc9143b11ab19e4a90ccce00d9dd05d230df79c0ae1babc9cce9b6a2de58c6751817813a4d11d0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
babd3cc1991a84f934930e1fdd71f7b9

SHA1
0fd9015aa8338b5faec12c9ae573bea23f80968d

SHA256
f76e24b5c78c7bd5eb60dab3fbaa44e262cdb1be7cfecf2880c8824127b29085

SHA512
cf731381304ee28376d0ab75c31738475f7ae80a1591b38321312a1ea237eb4f66c90ebdb082dc01712a4e19110dd9e443beba248c4ab97e4cef9d4e22db386a

Download Submit