61355292049e8458fd908ca34b5bbc5a6da6e0ac83bc960752812a861b6baf04

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60edad5856cf05fb048a707abb2b7ae0N.exe
Size

38KB
MD5

60edad5856cf05fb048a707abb2b7ae0
SHA1

92ae7eb9f5d91a10d0a03660cedbdefb7a389af6
SHA256

61355292049e8458fd908ca34b5bbc5a6da6e0ac83bc960752812a861b6baf04
SHA512

4c1ad30a05e780f712a45910053e8a5381d1e6892c79363bc318e410de36d8fdb81ff91c28c0c522ecd14029f6dbca569543269a0e45221ae13fe8d296932800
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsS5EBIEBU:W7ZhA7pApM21LOA1LOl6vS5EBIEBU

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3326) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\desktop.ini.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	60edad5856cf05fb048a707abb2b7ae0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60edad5856cf05fb048a707abb2b7ae0N.exe

C:\Users\Admin\AppData\Local\Temp\60edad5856cf05fb048a707abb2b7ae0N.exe
"C:\Users\Admin\AppData\Local\Temp\60edad5856cf05fb048a707abb2b7ae0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
39KB

MD5
b6a0604cc4e4a2357fb3578504cb4c5c

SHA1
a776cc0988bb916ad91473f213e2b6e692796f99

SHA256
bfe8bb56c5b3855541edb7d79c0a0840150534d9fc0c7ac1a0e77627edb8b343

SHA512
773b121812ad28b1162732c04486ac653bab51cf1eab580470eefd260806e5b6a4e0ba002e806c435cbe28605d32f3145c97df60393588640e2b524fe4784d3e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
4f59f0c4ff75400c33546530468ac9f4

SHA1
34cbec8aa2abbcd9aea900c0528b4a890b9c52b6

SHA256
3ebd75335c8bda260678aeceb544f9d68b52cc6c0e9f612c956f22761b8fa35c

SHA512
009050ecd6a589aa666179a432d8c8c84e61c194b68c8780a0cf3ae2dc779bb00a49943b020e5c2e45acc953f306f625f091ed05ae659a26e5a5941e5d0cb613

Download Submit