c480ad8b05176888d7338556bc5b90d3c3ad4a129e5d338b0c4b0686d5c7ce00

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f72b7f3bd521ea9c86c568855a2432b0N.exe
Size

37KB
MD5

f72b7f3bd521ea9c86c568855a2432b0
SHA1

ca8ab4ec4ffca05e66ff44bbb113552304e7f3db
SHA256

c480ad8b05176888d7338556bc5b90d3c3ad4a129e5d338b0c4b0686d5c7ce00
SHA512

f3650aeadc2a2e5c4543ec7d98453b96f0db5005a4dd41bf9e7a983cd9bd1eab62152f1a88ea5ff62495c9ba692d0067059906e4ed416ffc0e780f444538dbce
SSDEEP

192:tACUADIY0Br5xjL/nznlAgAQmP1oynLb22vtI0zWXPXpGeqc4SUqUGeqc4SUqAc9:GBt7Br5xjL7lAgA71Fbhvt3e4S04SdHd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3251) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	f72b7f3bd521ea9c86c568855a2432b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f72b7f3bd521ea9c86c568855a2432b0N.exe

C:\Users\Admin\AppData\Local\Temp\f72b7f3bd521ea9c86c568855a2432b0N.exe
"C:\Users\Admin\AppData\Local\Temp\f72b7f3bd521ea9c86c568855a2432b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
38KB

MD5
f4f4aa11d146defdaf1bf647172334ee

SHA1
46c28d7a78eb507325f277055bc383e745a6d82d

SHA256
8d568aded9d29f38151345ba5ba6b4457b9bb4da4331d2da40c19b46b82b9794

SHA512
3dea85dcfe9b037343017d58799eec927e634d5582b7571ec0525560bfb1feaf8f4822de973211a08d3b2b7a3d0b74513d9ff184909dad4586d45b90aa745319

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
49843511a9c2224b7528be54fd618e66

SHA1
842e5cef7e831f7582b438e9cafafe5956493843

SHA256
9c9dd7439013e08715a508aa5c4a907608c36bd7d417358bb87ba7a35ec22cfe

SHA512
8b9dc1c7a3a932f3c82653281f99736aed2af663b53d964a78c553405bb39195af96e45f4c41c2d32eb2b7dfb7f0e542d741ac649aa74239119034877e3098af

Download Submit