c02e66a872fc1e131d97bcf038bb2026c69d0ef4571db77653911f65ad732e38

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d6a418aae438b8f1c02563789756580N.exe
Size

47KB
MD5

8d6a418aae438b8f1c02563789756580
SHA1

1d76d09b6d973938adf4a4d02f36690abd78a2a3
SHA256

c02e66a872fc1e131d97bcf038bb2026c69d0ef4571db77653911f65ad732e38
SHA512

ac08974a75c6bea125cc959045e7d4fb568152656c9bddf8c3f884315e5304a311dfc25c53252383d9e7b2cc1a55f41a115fa59518ec74a6053752888e3e94b7
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJsS1101XZQZZ:W7ZppApkFS/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3335) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	8d6a418aae438b8f1c02563789756580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	8d6a418aae438b8f1c02563789756580N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8d6a418aae438b8f1c02563789756580N.exe

C:\Users\Admin\AppData\Local\Temp\8d6a418aae438b8f1c02563789756580N.exe
"C:\Users\Admin\AppData\Local\Temp\8d6a418aae438b8f1c02563789756580N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
48KB

MD5
d1b11cfda03a2eee433f98a061070625

SHA1
4e3c9806bd44a23912a2290c47c8650a122bd22d

SHA256
2bb67a0b2c3a8ccedd3e29fa259b93cee1e06b976c21046ffe078985a641f1ed

SHA512
5bb08a528a467bc5c5599fed1bfe6e5c479dfde967405529ae24ad3b6bb0447b9a0655b8b1cc98d5d75866a4a38065efba74472bb2f5614cfccf0d7ec5bdca1a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
76ef507c49db2ecb090437126571bc89

SHA1
efc86df31451b574834dde40390304cd03f6a87d

SHA256
db6e5066126d0650f0610ad7c26c213d8aa96dee220089e7b5371ca53272e75a

SHA512
87c7f446eb16f46a6abb148355be88dfd97fecfa6600fd879818555eb3ce19dfa3afd69b30f4d0ba985e7ccbc6644ddd4cd21ae4a6eefa0d9260cb40f9e69e70

Download Submit