9e8926f2ef68210a80ee50b706e970206a16183f435b4d21d757306516ab4d0b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb77f558ef40af3c458cda96d2347b60N.exe
Size

46KB
MD5

cb77f558ef40af3c458cda96d2347b60
SHA1

139e5b6d995349fe0d27876582e9118e19862fec
SHA256

9e8926f2ef68210a80ee50b706e970206a16183f435b4d21d757306516ab4d0b
SHA512

5bc461803d7387f19a6b9058753e4da02f8734b18331d9eb3e4467b6373e122e8db4fdecb92b8edde9b7b5630e33d5a4cfab581ce24e9e86bf0040d31c05c0ab
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSLFEFW:W7ZhA7pApM21LOA1LOl6vSxyW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\InitializeApprove.emz.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	cb77f558ef40af3c458cda96d2347b60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	cb77f558ef40af3c458cda96d2347b60N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cb77f558ef40af3c458cda96d2347b60N.exe

C:\Users\Admin\AppData\Local\Temp\cb77f558ef40af3c458cda96d2347b60N.exe
"C:\Users\Admin\AppData\Local\Temp\cb77f558ef40af3c458cda96d2347b60N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
47KB

MD5
a2752caa3519ca35ba4595b395ee8df6

SHA1
7fa3e918035860df9cc26e368156b35f6b4faa79

SHA256
c04fce7dc7454084a50be09d0e09588fb696b440a675e5cfde58a8a657f8dec4

SHA512
ace9ac1f562ed55d6723e78472aa7cd12f4471a692db81ba717b0f3c04e8425046bdb4a33bf4a919d33d3a1b38f1f5251dcc1757a6cc899baafef0f955ced8cb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
3d3a8169afb40d1b20735bf0c96ac110

SHA1
87dd35b354c7a907180fc4ee93980a8052960e59

SHA256
f4ff20cf39430b847f809fb67f8ecbc99d1396f448b6b248f830da2a60af5c74

SHA512
39918bb996715a2f4aa80f76f37e1815ceed14f67c72de87657893bf049935c93ef88a783684b46c4983ef6a8f1ec96efc887702657bf6804d504847538db82d

Download Submit