d300aa8551db09a50e4da3422a0b84c2f89a167b9e23983d93104defd74466ea

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f682ecd0603827383141f724391bb5b0N.exe
Size

44KB
MD5

f682ecd0603827383141f724391bb5b0
SHA1

da01d75ee00477478a4cd29781ec988e9a5b7070
SHA256

d300aa8551db09a50e4da3422a0b84c2f89a167b9e23983d93104defd74466ea
SHA512

13c00653dd96e07a67fbb98ab020fd6ccbde100c2fdc8cf934b5568196b09e4ff42104c2763fda16d9fea068c848a831f7af926aa50341f9b903b9612f0760d4
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLFdyGdynmpmrKnK8:W7ZppApBULcfpHLcfpyDUdyGdynmpmW5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3312) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\CompressUnpublish.pps.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	f682ecd0603827383141f724391bb5b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	f682ecd0603827383141f724391bb5b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f682ecd0603827383141f724391bb5b0N.exe

C:\Users\Admin\AppData\Local\Temp\f682ecd0603827383141f724391bb5b0N.exe
"C:\Users\Admin\AppData\Local\Temp\f682ecd0603827383141f724391bb5b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
44KB

MD5
ed8b5c5e078402d4e1ff5a4c515db01d

SHA1
589938f9de44a68c571fc79c2c7fd3c4a59c98cd

SHA256
6b122589957d4c0f3526932178117fdd54bd450ef3dbdc762ffcda36498dddb6

SHA512
0f5981678816f8a50192c71b0aec77076c9385d1e915d1922ca11c757cd7ecb060bf835bc9f2a792237e291e27a532ef9249d66fa3cfe6c6e9a219f3f30aedad

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
316e35a1c49ed71d92706ca9950b4f06

SHA1
71a8f9ea72a2d8a8edd84ad52f138eb6944604c8

SHA256
ec367e870b9e21eace75b72f5406287c4d65accba0a1d35519bd6d9baca0db75

SHA512
9c9dd02de440a920acce9ce3be8ad58a5a8ce3c72b88a576f919ab68c242cfcb5f78d5c1060e9afb867242fe1ca684258f6113b5c7ec534238b3d35e1b85c7ff

Download Submit