3941b8822b8b4ae26537dbaf5805c731287c0ad5a69b5fc2c45f7c717da66feb

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d05038dfeaf2810458845c011c99200N.exe
Size

195KB
MD5

6d05038dfeaf2810458845c011c99200
SHA1

5270cbf231fe44666787cef0aa5c5aadcbf59eac
SHA256

3941b8822b8b4ae26537dbaf5805c731287c0ad5a69b5fc2c45f7c717da66feb
SHA512

314a7af33c870c8879b6512d7d27392656eee564fe56bf79c509c30c24e1117ebed018295e515541bea63e8d79b198a51f3e2791bbb101c046359c962b0811d7
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkZ:RqKB+tOkWKR0iJ0lTzkZ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2661) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	6d05038dfeaf2810458845c011c99200N.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	6d05038dfeaf2810458845c011c99200N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6d05038dfeaf2810458845c011c99200N.exe

C:\Users\Admin\AppData\Local\Temp\6d05038dfeaf2810458845c011c99200N.exe
"C:\Users\Admin\AppData\Local\Temp\6d05038dfeaf2810458845c011c99200N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
195KB

MD5
f01acab37f9d938ba735fb935b2cf4fe

SHA1
715b23ab177f988a1cbb96d9fa2c50bec7006f30

SHA256
9159e6d74469b1446bfb0ec00b0ffa040aece6750a9959a6e09d819588e676b1

SHA512
922ed145e9f810ee1a55d3352f7b347697f4d244ae9d463790a6d86790a676b986dcdb6695e249472ba7f475b85663504d51acc8208f7f72d169fa44295afa9e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
204KB

MD5
5b1b212fe927b9bc0677d53635c646bb

SHA1
805879e891a833598b846281af4e9dd01833dc45

SHA256
b6afef4587d817e8829f54a0f164307a208d8c6fa8eb14ecf31d12e4736aa9b8

SHA512
5365796b0e8e1939e181313b2b746be741841d9ee462d0389e81db16e22c5e070a0cfc8b4a8fc3807a8953329f3fda3fe6f67d45d8c2be8e2aff9db64548bbfb

Download Submit