a5ce8c826086274c304909b3f7fa577fd4cc3c1ffa91041d9eefe44094c92d8f

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c06c03ff84db5a4cb26a3bbe9d56680N.exe
Size

41KB
MD5

2c06c03ff84db5a4cb26a3bbe9d56680
SHA1

ab47e82522b6effaf2e7b6326994507755613cad
SHA256

a5ce8c826086274c304909b3f7fa577fd4cc3c1ffa91041d9eefe44094c92d8f
SHA512

2c7024ce593393e25ce0bf36dfc2488fb188842af3bd5cb03f9c213e8295e091122774d68aa5a6468ad83abfa8a568d27889e8f955ef15dc80f81d2e90dcafc0
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFi:W7ZppApBULcfpHLcfpyDi

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3276) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\ExportClear.zip.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\ReadGroup.rar.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	2c06c03ff84db5a4cb26a3bbe9d56680N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c06c03ff84db5a4cb26a3bbe9d56680N.exe

C:\Users\Admin\AppData\Local\Temp\2c06c03ff84db5a4cb26a3bbe9d56680N.exe
"C:\Users\Admin\AppData\Local\Temp\2c06c03ff84db5a4cb26a3bbe9d56680N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
41KB

MD5
c3ac97f240787125266429fe0865e541

SHA1
3a47c6c4cca5939e42625b33a24770b797f9af3c

SHA256
939dab1de9a4a70c3e97faf57ce7fa73ffb5ff85668a635b16f1ba8b62cd77e7

SHA512
f39236c5d9efef386fb5b0d702f5add7224cf2c86d4499c70902388d4ad3840a6c96aebc172871a811d2e915a3fea913ae917cdc1c68b78edbabb6c10e78a37b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
057aa2916f6003aa03e5a80d5ff08278

SHA1
33799a9785c79b88057cd98d683e98c82605c6b2

SHA256
a3f3f455a504695e49bef7327d53d08595ed3b7772728c74fcee7c8df61efe17

SHA512
e55ffb063e31d1677282d2f8880663a720ba01cdb4c3880c8252861ea9ab75ce483d8c5df9be66dd7809a97bd23cc818269ff61136de8bb876e2d76696db1f2e

Download Submit