b4cf4bc36187f86c32b4fc6b3314af1172fe878120b6ecbed55963e9bea4f9d6

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fa6d40f1e269d37d662fb6fdc7fed40N.exe
Size

80KB
MD5

8fa6d40f1e269d37d662fb6fdc7fed40
SHA1

499cfb2410504e3948387ca725053aeef5086cf9
SHA256

b4cf4bc36187f86c32b4fc6b3314af1172fe878120b6ecbed55963e9bea4f9d6
SHA512

51357c4acb818b78672225592c1d076bad8f29d26d9fc5537a7ce5560ce283486d1fcd8b48759991a4e01fe5ece6063ff4555b504d73ff373e5768b8ab942188
SSDEEP

1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlmeU:6e7WpRaSljq

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3147) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	8fa6d40f1e269d37d662fb6fdc7fed40N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8fa6d40f1e269d37d662fb6fdc7fed40N.exe

C:\Users\Admin\AppData\Local\Temp\8fa6d40f1e269d37d662fb6fdc7fed40N.exe
"C:\Users\Admin\AppData\Local\Temp\8fa6d40f1e269d37d662fb6fdc7fed40N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
80KB

MD5
1cedb711a40802247d493d4453e3aed5

SHA1
7c3496a3821ee98536467100b43c5e8b656fefa2

SHA256
05feb5c335a697860e44498b325ba7cac803faa7098e1958175eede31655489b

SHA512
cc859b4f108b61a8f711e01d1c0f7a9966e461eed67013b424c9210e041f6ed19440586f77384c07425b5f9bac789a2dd6835dfde6a560609fea5456cc3bcd53

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
b1e1e639f3f39808b02f2a7b98f75e93

SHA1
d4c290764c87ab3ec72382ebd39109924e16bec6

SHA256
a4f7c4e2ca45bf36064242c648c5d49c9222fb3fad41f5232916648095041c5b

SHA512
fecd5f8b604edff9345f3a2352cd82aa79800805c5e66edc56dbc1df939487467fdcbc18f95ef522a3439b0ac7ddca996fa48956db19809f2a21d8889192eb59

Download Submit