a476f878f318df7c35bbe374284a6058e7f8e603c2a3e30deaeb12ac47648717

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76a9015c04f21b86d15fecef0062b350N.exe
Size

46KB
MD5

76a9015c04f21b86d15fecef0062b350
SHA1

0070f92d702f49bf95484b1df89f98d9877adf2d
SHA256

a476f878f318df7c35bbe374284a6058e7f8e603c2a3e30deaeb12ac47648717
SHA512

6dc40deb8f157b72d558a53186e85bbfd509671bfc897761cfc1c5c48072c97e7bc18e64aba7b9a71953a408ef3ff5f0ff7318e6435cea3e6355361d4eda2fa5
SSDEEP

768:/7BlpQpARFbhNIwPSWyKoIWbsHfySkT5GeQbyi348oWc1RPOzkjId6q8UdrSD+k3:/7ZQpApRP/yKoIWbsHfySkT5GeCyi34F

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3220) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\ResolveAdd.wmf.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	76a9015c04f21b86d15fecef0062b350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	76a9015c04f21b86d15fecef0062b350N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76a9015c04f21b86d15fecef0062b350N.exe

C:\Users\Admin\AppData\Local\Temp\76a9015c04f21b86d15fecef0062b350N.exe
"C:\Users\Admin\AppData\Local\Temp\76a9015c04f21b86d15fecef0062b350N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
46KB

MD5
7b058f391b921968f891389a3bf06389

SHA1
75a24d1c41a98fce4c1cc69d7f701f4d1d82c82b

SHA256
5c6893b1269374d4ad72771ed13ee3657e69c2a291973fd73816d8521e99e089

SHA512
e839e08c55207bc55d485f61fb0b718488a76d02e890a6a05bc10691ba5d3c8248c4891a72eb5e1a4c2685b9b37e23649bc8dcdf67106a25c8552ff4d9429ce5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
6c19204e69c44ee0795f687c7dc2013a

SHA1
bbb333169c995b4d790c570803bea257a9d06cad

SHA256
2b8dc56c1412f9d0460a81540a8f348de519343bd8586151b9c57dc9bf1865a6

SHA512
d07c7b74f1d9c40db8048619b360b6e41571199132952f3cb39d46303aa827e310bfbd8a8270556e915e6dbf8654fea94fbca1103bbf2617d9530202a44fab91

Download Submit
memory/2276-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2276-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download