a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
Size

49KB
MD5

bbdce0e46269dbe1e20955a1926ede39
SHA1

3fe00d53ff81516e5de17760e713992273ba500b
SHA256

a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6
SHA512

e4bfd4db8aa0010662fa0ca1bb36719c6329196d46da89f2b94bdf2e5ddcbf26f0501692b6319455af3995ab26922fb7409cb558f765673609ecbf1a30517498
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5gSuBjjyH:W7ZhA7pApM21LOA1LOrtkpt6g/yH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3785) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jre7\release.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe

C:\Users\Admin\AppData\Local\Temp\a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe
"C:\Users\Admin\AppData\Local\Temp\a60c62938a1d1eaa3cc60ae4e4629eeb48d777779785dbb1ff163e0558438fc6.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
49KB

MD5
9aeed8b0fb70c1dafe87fa1249fc9e6c

SHA1
3c00b8cc59aba2ad9f271b74c65df57470f68c48

SHA256
0f0b9a20cc61c3771fa551731cae17aa8e489300cf6bcdb72e738168291342a9

SHA512
12accfa78c5ef2b29aac2314b98f1d7cb62b55662943a75749a3545e4b44cb8f18403e0fc27e3b98cfc9f1d1fb546193ea1f9dd5973160d70435698d83d5c484

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
513dd931757a1eb17257b561619cace1

SHA1
555352efff2c7aae113da2a60f4d090a961e0343

SHA256
635001db841a50fc8c1e26d4190117adf32561b09f028f7f06db041725e31a7f

SHA512
5ee2267d4740f4e88b9cdb6feee7faf64ea65c5f2c2df5d306c6de6ac9d7c1dd7a3af5b126d17c047109c90598572b683fef08b7b9ee7c8a110ed8b0aa8c6331

Download Submit