6d967da7c86c5853aaa6976d0e70bf2682339d0468d3abfe8116a257317f2376

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c84f7dc57381e6b5a406c58379009230N.exe
Size

45KB
MD5

c84f7dc57381e6b5a406c58379009230
SHA1

35a1c6d5ca7e67d16c8d7987406610fbf8c0b0a9
SHA256

6d967da7c86c5853aaa6976d0e70bf2682339d0468d3abfe8116a257317f2376
SHA512

669f770ae3874cf14df7d0e64c170b7681c241c789e83aad79bbd29ff3c8671647d84e4d8d49768a55b221d5d88ba7731519b5d97be7b171107fdc3902b6ba40
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/FzzwzYYo8F8S:/7BlpQpARFbhNIYYo8F8S

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3218) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\ResumeFormat.ocx.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	c84f7dc57381e6b5a406c58379009230N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	c84f7dc57381e6b5a406c58379009230N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c84f7dc57381e6b5a406c58379009230N.exe

C:\Users\Admin\AppData\Local\Temp\c84f7dc57381e6b5a406c58379009230N.exe
"C:\Users\Admin\AppData\Local\Temp\c84f7dc57381e6b5a406c58379009230N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
45KB

MD5
2eb9a37a7963c6d34ed2a4b43f388cae

SHA1
d7c051eb4d166478765edf24f272296928998c45

SHA256
bdb88dca507549f94ec507f62379ce27c03dc3c6d68371d0179069e7b49cc89f

SHA512
b1ec20dd5cebdbc4af1abcfed259565261af0206add6a4d462a2223432daec0b49da7298794e24daac140d83bcec9ce96621899e2b59d18fa6c55a7055854fa4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
f11dcb651d5b3ed7d7e1effa14a1e00a

SHA1
5a234ca427e41943658066b2d0ec7d7106f28378

SHA256
44ce52e16260258a1211ba995741438d88a6ab51fb3ed951f27c750aac3e0d6e

SHA512
773b70781a2b159f463fe5847b9877f0535f7f93b282c2d8ea68fe1fd122f8fae12ece72e09c0aa2541ba27bd5940a2d4c9e34c1cf4b3ace87b2ac81b9da1e5c

Download Submit
memory/2928-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2928-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download