77c2223775eeab6abacd73fe96334333251107e184c1412bb5bc1ba202115b7d

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f879f38cbaf98d2c3ad094e80c361610N.exe
Size

110KB
MD5

f879f38cbaf98d2c3ad094e80c361610
SHA1

b54a737f82d3c5dd939d6411a20a9f02f5df7472
SHA256

77c2223775eeab6abacd73fe96334333251107e184c1412bb5bc1ba202115b7d
SHA512

23723213a87d9686e4d5c07914408d944ce8923531ac012817b03b5ff4fccf292f959282f91f2bf8069580bec5fa9515230b3a716ed9814436452f5125b59f35
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBS:PqFF2Ie+efsim2J

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2859) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	f879f38cbaf98d2c3ad094e80c361610N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f879f38cbaf98d2c3ad094e80c361610N.exe

C:\Users\Admin\AppData\Local\Temp\f879f38cbaf98d2c3ad094e80c361610N.exe
"C:\Users\Admin\AppData\Local\Temp\f879f38cbaf98d2c3ad094e80c361610N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
111KB

MD5
2c459e43a10aa9a2001efb7486789e30

SHA1
a6bf9ce47e0fc18830a5a8a6bfef3a9d56fb5005

SHA256
67363012551a164741fce6f61db8ea5347177cc6cac643ebe59c2ee946942606

SHA512
0e9b95769ba8dc348bbb2a9772d32fdbb3281a9914fdd934a9ac0b9d955904cc457a3e90bb8ac1d89f66597286c2881e5f84662649d76855fcedce742f6026fd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
120KB

MD5
1c16f8bc96a7689583d5905715445f5b

SHA1
fb6f566da3cf9c1d965b8f5422cfb433f570730d

SHA256
50dbd3e7ab10d2052baf657c57b9efdfb92c349fb01701f5caebd4bf8f2fb778

SHA512
65a00ea3418e3cf379ea24bf95ffd5348b022963dea4c17ba801de0b81ab04a078b82d4116f003382af4f6ece39f4b16b2730480b68f2658aa6ae209524a136e

Download Submit