b4643df6606f1e4fc0156e04d8221badf25ac060b6f8f39cd7e75d75052b2202

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfc59e367bd1643953f6cf9b11cdd980N.exe
Size

46KB
MD5

cfc59e367bd1643953f6cf9b11cdd980
SHA1

c43b213601307591bcf716384f79a864bb7a39a1
SHA256

b4643df6606f1e4fc0156e04d8221badf25ac060b6f8f39cd7e75d75052b2202
SHA512

69b04b801f5e8f9c251824087c530bf55662cc1aaa4b4b76d0c637b3cfe195e8e1ab0977f5b97b13e4b190fbda2f1abf8ffadfd3488de48ed1a17a5fdee3a4b3
SSDEEP

768:W7BlphA7pARFbhL801VvM801VvcR2+lJtZ2+lJtSsM:W7ZhA7pApw03vR03vcltdtSsM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3289) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	cfc59e367bd1643953f6cf9b11cdd980N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cfc59e367bd1643953f6cf9b11cdd980N.exe

C:\Users\Admin\AppData\Local\Temp\cfc59e367bd1643953f6cf9b11cdd980N.exe
"C:\Users\Admin\AppData\Local\Temp\cfc59e367bd1643953f6cf9b11cdd980N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
46KB

MD5
8cfc8f0801f40030c4c6b96e8289d8b7

SHA1
7426024f3f0c9f492940068d5bb039464217aa85

SHA256
00182a27b9f319f5df8c99882abb9627c119e339c3d9d75ca409717254d7e780

SHA512
23e6b46230055747016399c5a33cfeaaf7473a328584503705cd4a87dc36b817b891874058609cbc92cec7ca5f6180b143577a3809db24883b1c8d40d0a1f6dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
47fd1713db3eb7a208874ac28eaf43f4

SHA1
a3e89dec7bde99d6939c689dad5499922a688c02

SHA256
a501d69adfd66e9315565421c68b67be45a7d8924a50b5cf8c6ac397f9e290ba

SHA512
0b2d2bf471dc60685b524e1964fdb6a04a4ef761e22e705c1edad338ef40ea73935e414b3f82d5b75abba7d1e09b7a871e090a8b86bf4494e579fc62d6bfe73c

Download Submit