a60131ac478c0bba980d14e3f973cca55a0f795cddcc1624004441d89ff46e3f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 04:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

def875e851fca9388d98409fa6167270N.exe
Size

85KB
MD5

def875e851fca9388d98409fa6167270
SHA1

02b0c05027cb9508fda43b46e6fa3cafb5b0eb19
SHA256

a60131ac478c0bba980d14e3f973cca55a0f795cddcc1624004441d89ff46e3f
SHA512

57fb1a5a7760db3d2c4b2797069d1e7970a12de64dba3c966bc982115019d76280ad51dc8f474bb9268c50c4c9ecc4e68b23f43bd15974d35e2cac082e3eba7f
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggz:69WpQE0zxgz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3139) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	def875e851fca9388d98409fa6167270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	def875e851fca9388d98409fa6167270N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	def875e851fca9388d98409fa6167270N.exe

C:\Users\Admin\AppData\Local\Temp\def875e851fca9388d98409fa6167270N.exe
"C:\Users\Admin\AppData\Local\Temp\def875e851fca9388d98409fa6167270N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
85KB

MD5
e3b85d9f179cbe190378460be9775cdb

SHA1
552fde939e6bd83fb07696291fc01d99fceae9e4

SHA256
81689e54ce795e03aad200028d9a34bde0f785aa43dfa4b83248982bea3bcd0a

SHA512
c387de6508030cc32a2555bc03f1b1a7a58e8c5f64ec11b18d9ee9b9193d14a872999a6936a876bc5bfa405feb78227c16c1986c90a3e2959f4fde20073e808f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
277be0a6020fe65032f9a81cc0c49c4a

SHA1
591119f95bb15ff50149534fd0ad68804242f013

SHA256
28441ffdf275b063ad0b5d3dc25a93cf2a5f547712f37d27e109838f46c8ba31

SHA512
90474fa4c6e46182d092bdd4a31c4c4452664f92d40dfad0a91eac5131a2c0a7fc762744343652e5d0ee203a0c83161f27cb9d17e4fc40336065858059801aca

Download Submit