bc77416ed6c83f37e841124f94c26125090c75460fc3e959cd5cc72fc8df19c1

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8a85b70da76dc951a53acf0181b4e30N.exe
Size

42KB
MD5

d8a85b70da76dc951a53acf0181b4e30
SHA1

3720f6a5ae95e3a9e387eb99555407150d29af8a
SHA256

bc77416ed6c83f37e841124f94c26125090c75460fc3e959cd5cc72fc8df19c1
SHA512

da47104da3620c77029fa066ac4a3bff499bda6352181b6eaa657074e565e8c7162c50e30f648e914b7f828a9505717f9cdcb9b715fa534479598279234a2bce
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsS+8r8N:W7ZhA7pApM21LOA1LOl6vSX4N

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	d8a85b70da76dc951a53acf0181b4e30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d8a85b70da76dc951a53acf0181b4e30N.exe

C:\Users\Admin\AppData\Local\Temp\d8a85b70da76dc951a53acf0181b4e30N.exe
"C:\Users\Admin\AppData\Local\Temp\d8a85b70da76dc951a53acf0181b4e30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
43KB

MD5
f205ff20d5a640eb8bf05538082688d4

SHA1
b88dd2aa2b68652e56f4b7c34609562abb85a553

SHA256
cb40559975d29b4ad5d73a0aea8ba2f3c9d393b2f8844b25fb78c51bffb11070

SHA512
d74f38ef92e0102520df76e91a230657d295520131915f69105bb491b7d8131614c432b30650240b691292398aad7c7a8c4065700938447c9ee43c632b9ec045

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
1dc81cef03313ac92b4900386c2422f9

SHA1
4bace25da5bedcc61f0305523b267e1124bbe694

SHA256
349005d2fb34ec92c303d022db4227479919ef902d4942de30ec3fa2662f7b8a

SHA512
f455f29f63053beaa048bad25ae7d6d0f50570c1bdd8855eb2ea3356ec490304b4cced421367e44cfd7ba5f29fdfd526482b84142075b31944ffa2c5a6b67f85

Download Submit