7a71bf819fac885e6fdaa50f305c20270a9ee7da078d69f81aa48f4e1e18895d

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83a6ee3579f838b867bffadf9c531b80N.exe
Size

69KB
MD5

83a6ee3579f838b867bffadf9c531b80
SHA1

bc879cf071dfa0133d94cb87db22287b13f7742c
SHA256

7a71bf819fac885e6fdaa50f305c20270a9ee7da078d69f81aa48f4e1e18895d
SHA512

b574196a4a741f72b856a79a443f6ac83d46e68251151569790534793542f42070674e5097b6d6f407caf5b72ee8d6af04961560b890ccd2669b9293d08ad385
SSDEEP

1536:W7Z2sspApkZrZ4+fU7lK1lKT8/8aPtPfgNP:62ssWpcU7lK1lKgkEgNP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	83a6ee3579f838b867bffadf9c531b80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	83a6ee3579f838b867bffadf9c531b80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83a6ee3579f838b867bffadf9c531b80N.exe

C:\Users\Admin\AppData\Local\Temp\83a6ee3579f838b867bffadf9c531b80N.exe
"C:\Users\Admin\AppData\Local\Temp\83a6ee3579f838b867bffadf9c531b80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
70KB

MD5
8bca4abd3e78689ed84f10a640566822

SHA1
de2f7de6c49c090ad55a2e5593df8ecaa1935572

SHA256
c367a4d807e69f8a545a033f4c68eee0bf1f72031e33d6491712cab6113ead6b

SHA512
aa4837e377909dff37ee6aa843084a387422e13ab384ae356621324b7ee85ad9c9125eeb8fa1c99347ff560ffcd944d12ae6a5455704af0ac0f6917da108bf1c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
f524865f2c24e993279cf9a5b8e350dc

SHA1
771e6d21dd57cbaf27be3dd5ac8c8b7dc91fe016

SHA256
376a4201f0f36e142cb46abf2a046a11f708e4df5f16154fe5b9ed12e7e32277

SHA512
8ae47aeafdf7669cc40562ba7bebaf7e9aad3378f35138ad5512c57f70a0e63974737d2b270bb76223d025853022859c098f5e5c82851d662738f7af39b1ec3b

Download Submit