fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
Size

88KB
MD5

394da91b4bf223671e02979ff8aca712
SHA1

45a2de4a2b74ec2307615d426c4cdf25658f7d23
SHA256

fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631
SHA512

68a85e2b424eca3cec0a95cf1114b62fb25660a6b072d534b9d5901fb1c7394bba3618d9b5bbff6e426afdbfd1c1e6ac689fa7a641d34942ca6f4fa8e8395244
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eTdsdYSWSYAk:6e7WpMaxeb0CYJ97lEYNR73e+eBSWSYR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3638) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe

C:\Users\Admin\AppData\Local\Temp\fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe
"C:\Users\Admin\AppData\Local\Temp\fa408d4c8f0616c3d7573b19a009621c15eda5538cbd34c1b815ad0e72163631.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
88KB

MD5
3051a982d6d7948e5bc137bad5f81280

SHA1
421201c479a97597f0de0fcfb905447e23ce3ba2

SHA256
26ec6a7c5317009b943c18135add16d47e628dd41d215c8a269d61ee869bf18d

SHA512
a903fad6f7d29405b858fd3f40628b851c7ffd0d36d305f3ac9db750f31638721c5ace444629e6b8314ff96483ca4bc68d22357c5e92754fe10213e484013b58

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
33424103b30ab1251d1b09ff5785e2be

SHA1
e3a726e20c1d9fd2bc555b282f2f4e930ebf875c

SHA256
cc875c027c4b6bfb0e2e16c02aee273c7995f71a7edc1f20a4c7d91685f55415

SHA512
ecb767d930112f917ccaea890e47cf5aacba70a9e28073a56c8dec4381184eb9c7230f9231dead4e9048ce10163c6a6b15aeb1d511a33bf152c93156626f979f

Download Submit