001368ef747c9b09c920a339537a45381bb492ef8a34e7e37e8bb22e3ecfd377

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 16:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc1e532a0f2935079af06557289c60a0N.exe
Size

80KB
MD5

fc1e532a0f2935079af06557289c60a0
SHA1

b7904fb78f73389f9dbd5625e837547dc5a0df9f
SHA256

001368ef747c9b09c920a339537a45381bb492ef8a34e7e37e8bb22e3ecfd377
SHA512

076b4db5a4480ff7bb0cc2938c367f05f353b164b3d7875fb4ebb73569ff9015d482728ff28cf87e27d86129d3e813ca81368c718b19cf0e1583c2c570fbd7d5
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd55tDYTYRa9S2:6+WpDfmRfmhJts8o

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3070) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	fc1e532a0f2935079af06557289c60a0N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	fc1e532a0f2935079af06557289c60a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc1e532a0f2935079af06557289c60a0N.exe

C:\Users\Admin\AppData\Local\Temp\fc1e532a0f2935079af06557289c60a0N.exe
"C:\Users\Admin\AppData\Local\Temp\fc1e532a0f2935079af06557289c60a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
81KB

MD5
5e8fd9da70a6e4a6795ca0409cf37357

SHA1
edbc110a485084d6629752ba4d600a315ef95da4

SHA256
1b23bcf2f572e1674b513e460fdb53b146d55ee6dfd17aa3d2c62804ff8e7866

SHA512
175365cc86698eb4354e9fbb677ae09781daff58553ab8d1feb156932511dbab52dd4b62fe0060c9b1b64e0b52944326d08c3725c081e371bbb53e2e6ee4e661

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
fcf10cba6e59dda93af94fdbe6f6fbf2

SHA1
e9c5b7574971e2fb018a1a53b1a0eab1dbb15c7c

SHA256
6a63ca642a93e9059a6d47b357f1d44fb4aeaf52a63c1ca54a67b3b23c09e4aa

SHA512
a15059ba9cd262dcb7bed28c093684386285bced9b0ae475cb2b089470edd6c31fcaa53ae581aeb8d961816ab23f5c040628dd9aea426acb1060b8a09182836f

Download Submit