1c20cbfd09cfde29d7a28f1f67957be0c1dd37aed1f4f0db014762c6af0422b1

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06d06ad7598dd5168e91c3221623b1f0N.exe
Size

96KB
MD5

06d06ad7598dd5168e91c3221623b1f0
SHA1

669b39092e9ff6099f07e88501ae47018bacb72a
SHA256

1c20cbfd09cfde29d7a28f1f67957be0c1dd37aed1f4f0db014762c6af0422b1
SHA512

66a135af6230e6afdedcd6815ffba69327d48e53781603707db0999bf784d4f0ca4ddc034540f874ba6c9e899ee90df544a82b3f7f3e6653e372122565ec653a
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBe:PqFF2Ie+efsLK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3141) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	06d06ad7598dd5168e91c3221623b1f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	06d06ad7598dd5168e91c3221623b1f0N.exe

C:\Users\Admin\AppData\Local\Temp\06d06ad7598dd5168e91c3221623b1f0N.exe
"C:\Users\Admin\AppData\Local\Temp\06d06ad7598dd5168e91c3221623b1f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
96KB

MD5
e6c30d98ab35cca543ca853b76de9f21

SHA1
432ce63fecfa3ab909fc8b33c60f305fbe306b43

SHA256
b0a19ddbd183583a744b9b598b5ca72481f10c68a7019c9a18c145e8f9be2db8

SHA512
350071548153c2f081e3858bc7d429e3f876987bc11700b437704b78fc7c362a2d48c8f2d4c975005ffdac0f387ef8b74b7cd5c26c718ea293fbcdea725a805c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
56736cd20de6b5555f2cbb8b15dd5ef1

SHA1
99ae1e7ba0df4f9ced8fcd8e1358d01905f86c14

SHA256
bcd91aca4de704cf9266cb047c9d160c3658446b2e55adea8db5e9a366184d23

SHA512
8086481e5dd9a47463ea4caec23495878e4a5e3f383eb0f259e6f0437ced4a51c1b8c3b35bd7e490706d546e22860793357a104d6164a1b03d78335772e0af5d

Download Submit