71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 22:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
Size

77KB
MD5

4339074e11491136ab1939c7ef8339fa
SHA1

1387bd7cbf2db4417d6f32d69478e18afdfd2c06
SHA256

71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd
SHA512

9e14a2474dd3b4bc3c7abbb6b8c10bd9de2e8413742a63f23f07521edba9936190460b6fa788048c094a266d3620bc2e4bee2d77654975122e6892587967d232
SSDEEP

1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlfM:6e7WpRaSljZM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3624) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\settings.html.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\DenyUnlock.xhtml.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe

C:\Users\Admin\AppData\Local\Temp\71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe
"C:\Users\Admin\AppData\Local\Temp\71f249630f1b263db81d57ed8ed32e1dadf1534de6978953aef1e864d44be1cd.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
77KB

MD5
b0066595ff56fd269c47212854882ee8

SHA1
70fc198a480399371861b6f1f3f0cc91f33a394c

SHA256
16be07845fc2fc7dfbe49c36f608a80626848e7bcbc9763809b686c3674fde46

SHA512
97188eb55ceaf55bd2370d474fc31aa6c133c0bce9c34463b8d60712887065e48b31e6f219b82cb7983d34d66e28b2033719ab3d09efff8b5652a3336d014509

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
4347ab5a057075f2c864012d309a47d1

SHA1
d8e52c1f5aa490853b0d3168d8a777fd8f81f6aa

SHA256
bb0e79481e2ce3b6d07901950f0bc258ce526924891bed982a10d65a8a4a75a5

SHA512
a871ae31c96cd988af58b67c0dd5cb38b37ea47917fecd09439a21c725fd2a5d8e98e1efe62a09a7035565c1f43b0c33555f01d06d0454b82d293ddb46574aec

Download Submit