0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
Size

69KB
MD5

e5e128a6d29b1ff2d53d9d43cb9d7903
SHA1

e24fb160aaa3cc888b787efb579e5c35bf37709e
SHA256

0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6
SHA512

9ddccaa3c79cc5aea168db53bede9434b8d70b11d6a6468f5b23f0c096c659de817f7d72672a51374e4c73c29a911f190042fca339db57d6e6002f6eeb12dab0
SSDEEP

1536:W7ZppApkxUYU30NQn0NQaYepnpf64rDQ0:6pWpkc0NQn0NQiBXQ0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3735) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe

C:\Users\Admin\AppData\Local\Temp\0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe
"C:\Users\Admin\AppData\Local\Temp\0755f8ae5d087fe8c72f904768981d1d1cd74ca3b2e6c04ef3797ad1b26bc9b6.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
69KB

MD5
3b9b174b9d626de58c8242511c2689a7

SHA1
5d751aa400e04cfcb820dcbc2727edbb092d4952

SHA256
2ec7954cd666c4691baca44b79cbcc24035e01647673c799eeb5cbc8b309dd35

SHA512
38b942a7825ccc3f7d6879483bff876f6ea6dc586075feaf9bb8866ede4cb36e5ebb8bb3407daf4d0bc40a7fa53ba9a8b2967e7f07f922081344ea3b4551d58e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
943f7ad3086dce0b87108ae5811dfcb4

SHA1
ac2cf8c6ee41e7e40bddc76af94595b151218761

SHA256
443fe0514bb7675407a836b028501aa37ebadf3a92721b9758ab397d9f2ec791

SHA512
83d2daf9e673cc5dca75b0fe62dde58ab94d798615a20235600ca702816fc030766736a8ae18c66dd49d07b4bfb803b287d139c22f9956dbbd13ef5c3ffcf50e

Download Submit