197a037c11e10e6765c6283dd9f63ef112f98fd10b9a12c942571ad2257a96d0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6da995f32bf6bc11856d971c5b252030N.exe
Size

80KB
MD5

6da995f32bf6bc11856d971c5b252030
SHA1

5955f7f180dc630dec3dd1003697ae48d33bdda2
SHA256

197a037c11e10e6765c6283dd9f63ef112f98fd10b9a12c942571ad2257a96d0
SHA512

90c5ab5ae6b3acd7b2754228965688667802dd8b784ed011175a37838ca3b6d57838c3ac380c53be6e3cc1023aeaabff02f2971d20397208580188fb07f45bce
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJ5DVSWu0SWu2:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWu2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3064) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	6da995f32bf6bc11856d971c5b252030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	6da995f32bf6bc11856d971c5b252030N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6da995f32bf6bc11856d971c5b252030N.exe

C:\Users\Admin\AppData\Local\Temp\6da995f32bf6bc11856d971c5b252030N.exe
"C:\Users\Admin\AppData\Local\Temp\6da995f32bf6bc11856d971c5b252030N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
80KB

MD5
2b60a1496e7e62b4873e8f1a7b36f2bb

SHA1
0b2e4fe5bc65ce509a704869e9e4196a4c1ff2cd

SHA256
b0dd82ab6af65727be4422a72acc9f02dfb95fc57a6d02e204762966fe5f6c29

SHA512
ce7653540504b17abab6ab29f87bdf682324dbb0f2ef555ad02ae31e0ac0fd5f91d2c6f0bf9f21c57cb7911f9fff56493096357a1558b9db822fc71038b2b4ea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
de542ff7b4c3bd7747eafb1288efcb59

SHA1
cfb5b74e69b510d182b0067697987fecb5604369

SHA256
90b34edb5e2cba92050fe0634a92d8928fcb3d0e556dd9e39c2af72232f3eb57

SHA512
c8cdc32a6dfeb0b878f7fdd97d4922254be68039e8acbfe8e572a6685d88e1602ee54fd22080332b118fd0fc4edd9a95bc18b1b8020cfb5966f7bb5dcddeeb22

Download Submit
memory/2752-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2752-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download