f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
Size

52KB
MD5

7c0d0817c7785fa57e89e6ba6b81369e
SHA1

0c4b56ae4b8dd22a199f7fe51e94cca21d381614
SHA256

f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5
SHA512

440de04312021a4ae82a50131bbfc7f8a2891cc405d126862a882c024fc4369d27225313e137818a981ecd049a8e03f2266e6891dc6c6dce50b5b16f4e3ff5b8
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoAQeLeAeLeJ0Jz2giz2gW:6pWpBwchcwD8z2giz2gW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3769) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\RSSFeeds.js.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe

C:\Users\Admin\AppData\Local\Temp\f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe
"C:\Users\Admin\AppData\Local\Temp\f8c94acf3ef48bd2d02bcd4656d6f3f80c1a88fdd577bdce05cbe0aa2db925a5.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
53KB

MD5
2a896dcf05b3525b5c8611ca5cbf4401

SHA1
b21b34db458d4aa8c22eef08809badc7043db199

SHA256
7c160e44d2b9de886c77989ad3fe99fa4c23760e81e7808a68512cb07060086f

SHA512
eac5e00a0d21e0168580f337f7c716113788762e843532ca284b1337a6389dfac06940c805df7fcae57e1f3d2ad0866f164e277eef90fb5f495599d772ee59a7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
55654392985b17ff0b8eadb6cee9c9fa

SHA1
56ff4caa9d87b6bb96cb3c5a6ea750bd8934ea31

SHA256
97c9d7c9f59a932065f70f1c4e52260aca9849df1686ba19dd49b72c998dfc03

SHA512
2eecc986be65dcd20bab39a04cb4b632fdda3d9074dd9a6790361c8b3f458282868f1bd69eeb9bb68fa15740eba44ecc55f9c77975def88de21efb5b7cd3da25

Download Submit