1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
Size

98KB
MD5

505f29dc70e14f71b90b35b7f1894b80
SHA1

9b742470200413dfcb5cf9796265a315ffb2c4de
SHA256

1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb
SHA512

f24df27e8b826a5ac68c97e8298785e03ee50632d67b772aa5f069102a68d0a716a0e4dedf254ab0bdf89b336fa92dead10d5f92284b569303c2db89f835294c
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eN7HlulD:RqKvb0CYJ973e+eN7HAh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3684) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe

C:\Users\Admin\AppData\Local\Temp\1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe
"C:\Users\Admin\AppData\Local\Temp\1c63eaf9d4293a3389862a450e455e7f9d1abea7a5863e1ad5b92ee1871be6cb.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
98KB

MD5
a89b7d39a03a2bf362227ac1cae53bef

SHA1
7035bd67b6bf47e93770d89db95d96d050082aeb

SHA256
fc9db6c3db4437f641d52cc51ba99e2a0587013c1429f294170be3820cda92bc

SHA512
21567bbeb78007cd9545568d886fee3c72bd0606eec3179076ef83332bb332f9ca177320e60ae585b9687fd32ba4e02443ce5c709bdbd13d5aa6c92fdce3639e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
b7bb4ce57c723ece1f17ee45efa1c9b0

SHA1
ff2560ab9817fea224b79af231ec2c649c06b763

SHA256
50fcbe08249d5423e144a43e5af4f910fc1fd443b97c8e0d87bc66569b9849c8

SHA512
f4c8d186e93023c12ff9675f37f8909d15e17ce9ff52a0dffd048a39dd3d4d7f078e54a30a1c6664c016edaa546ffb91867463e09bc93534e035af8a294ced61

Download Submit