a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
Size

40KB
MD5

8250288b5fb7d0e390aa6a40dfd86452
SHA1

89e0ca56c8f4f0f595e4bf906d3c898d2f4e0019
SHA256

a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c
SHA512

555a3a2dd71a4602904b2c9f5a52ace3e70a9d33868eeab36284624225a92f316adf6209a43af2267981311d3b00414a0fcb003e498347d83bbf13c182585e7e
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLP:W7ZppApBULcfpHLcfpyDY

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3788) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\tpcps.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\mip.exe.mui.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\SplitFormat.jpg.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\desktop.ini.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe

C:\Users\Admin\AppData\Local\Temp\a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe
"C:\Users\Admin\AppData\Local\Temp\a603c9078e7f08fd0d82a76dba7b0d29c70fcf089488849616a04b756da6287c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
40KB

MD5
92525f0f491f28d55997de3ac2d0b965

SHA1
63602a275d4109d5d60ed3653408e8b423777485

SHA256
2b5bf55770afda0bb3f2c393db7e2580acde17d18fd95923d8bbd6145023ff3b

SHA512
2c2f7bb0ddaa0b590abe66ef419942fc9e18cc238b309bb5227c3f651667dd67c954901999717886158f4d12e026234216eea39835bd057e9fc2bff748492d0f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
e74920f3aa29b7e6d99761c879eac0e7

SHA1
565aa9e6c33e29119063652ae333f299bb506410

SHA256
c4ff18a5ebda2e4564e552b38c20efef9412e61923e9946bf671768491b1de0e

SHA512
a46f663ffdc276d70eeb2ba1b629f92fa36c6ae2443b87bc41b104c651cea170a7ba2b788733d8e431bab043adedfce41987143ad8f7e3d5889e92e6109ac499

Download Submit