c84cd8e76378d196816af150634cf5c0e7fbcab47e0f6336a135b157e7c43330

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f6a65e91b3c551a68f14836491843e0N.exe
Size

83KB
MD5

1f6a65e91b3c551a68f14836491843e0
SHA1

fcfc8a579c4d0d3675c6087919f601f4ea5e3568
SHA256

c84cd8e76378d196816af150634cf5c0e7fbcab47e0f6336a135b157e7c43330
SHA512

7ae41df713cb577413abda09b455c42544224e13ab10d9418431e5a786719fd29fdb3f6c1c4d2c58c2be1fd04357622345eb61e1f478b53d8dce7d00cc27878a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzYS:6e7WpMaxeb0CYJ97lEYNR73e+eGGZ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	1f6a65e91b3c551a68f14836491843e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	1f6a65e91b3c551a68f14836491843e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f6a65e91b3c551a68f14836491843e0N.exe

C:\Users\Admin\AppData\Local\Temp\1f6a65e91b3c551a68f14836491843e0N.exe
"C:\Users\Admin\AppData\Local\Temp\1f6a65e91b3c551a68f14836491843e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
84KB

MD5
d9647e9e84f68af5460e71dc4a8e3ea2

SHA1
21cbaf870356cfde1e04c4ee7825d924a4937921

SHA256
c43d1c4a8dd2749874a06db46cfee3816caa44e70bdb7b974a02b6e86f7d8659

SHA512
007c458da05d43db501008e2b9344961f09d5ef65252fa69f9474cc0d404bd6fd930c0f29ed9f38bd4693c30ba463cc98e11be678e1d4ae29aa49e04c5c2ec35

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
62deb156f1a4868008bbc080b4e0033e

SHA1
ed63ef3e62661d4185b8277ad0bac09c48a00cca

SHA256
67919a98191471b0c0a7886b7eecf4e952b8b63d101d0ca34a174726923f1483

SHA512
0c1424a86314fc903cba86b7cab1d77ec8ebdd68cb6bd9cd9081c55d9f9fd119e55cf284ddec42cbe65c385fdf5307253d05dd44fc4e723644c951dafb575269

Download Submit