0ef7c5bced76dac22162cae32eb81bfcb4611d4cc777e0f8585d9cce4f55fbc6

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f761581b7d46004780711d50153f9c10N.exe
Size

43KB
MD5

f761581b7d46004780711d50153f9c10
SHA1

5bcce092bbcf124c934bf0138698e164e53f1335
SHA256

0ef7c5bced76dac22162cae32eb81bfcb4611d4cc777e0f8585d9cce4f55fbc6
SHA512

2fd8dbcc07822baeb03d155fac61153071da0f661f81854e24f956633e9b656c2a088d833065fa4d4fde85600ad888b6c3f7c3361171b8381c8982f107149d96
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOHwOoJVO7iJKqOxiJRDOWiJ4JOAiJ/rOqiJv:W7ZhA7pApM21LOA1LO2c6b25gc6b25up

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3119) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\ConfirmPing.xml.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	f761581b7d46004780711d50153f9c10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	f761581b7d46004780711d50153f9c10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f761581b7d46004780711d50153f9c10N.exe

C:\Users\Admin\AppData\Local\Temp\f761581b7d46004780711d50153f9c10N.exe
"C:\Users\Admin\AppData\Local\Temp\f761581b7d46004780711d50153f9c10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
43KB

MD5
83c5a1472e18cfaeb44a195bb3ab528b

SHA1
0fedb006b64e3d0c2e8d6ae2bd1249f62fd5639f

SHA256
7ef17d6909a609363257141af76d41e9f57b89ae71af67c62350a1aba5a8cc04

SHA512
5783926753b53dc23a394d7871c8ece0e5689b173f4da1b9467ec97bba1eee6158b04ae8f45fbcef49d6dd2c8ace98dcc3177a2ffea031e2315de7b1246038f7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
fd801de870626451c37bed29c1203030

SHA1
6c65a7ac1b22597162b11f9633f8ff8eef393c14

SHA256
29685bd597c681eba229c255d186125b54c4668f6f074d91b17f4142fd026055

SHA512
49aded37e8ce350363700eaaeb24d3d64638fc89425b06ec5ccc80188335427ae8b89f2db27e1b73e124db77fa0b4dc8c1159b0c1432852db9b275464a8fcd54

Download Submit