78bc4b11aa828763fb4a91f9b7c8e86d668ab7bdba5bef444fd380be81fee8ed

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6f00dfd3cabd0c2656706625faeffd0N.exe
Size

59KB
MD5

a6f00dfd3cabd0c2656706625faeffd0
SHA1

fc2fb95c9beb72302a18d1c55c3d1b721624e191
SHA256

78bc4b11aa828763fb4a91f9b7c8e86d668ab7bdba5bef444fd380be81fee8ed
SHA512

3aae91fd890dad619b15eb700f774ed451f24c9ebfe71e57eac71f8e92b25d00d761415dd38f95d1f963e400d187a2f282293412d8352f0b6d35a34e1f8b00d9
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJbjyjuhPitvttGeoGex:W7ZppApwEgyaPitvttGeoGex

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3260) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	a6f00dfd3cabd0c2656706625faeffd0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6f00dfd3cabd0c2656706625faeffd0N.exe

C:\Users\Admin\AppData\Local\Temp\a6f00dfd3cabd0c2656706625faeffd0N.exe
"C:\Users\Admin\AppData\Local\Temp\a6f00dfd3cabd0c2656706625faeffd0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
60KB

MD5
09ee76fc958de70505b0ca5862795295

SHA1
06d0a624c5fc714b60343e7649bbd41459bc9ef9

SHA256
58f2382be1a9af12b25615e2d4525194ca2d44e469088965d3b8e35106e763ef

SHA512
6abccec0bd9ca6de4b6fc4704a866a3a5f166ddaaf1a0bb9e8a704c413adc0861d2313a816b4b630ef59bd0e8bba5809c85091aee0778d984a964356243f33ea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
f899b34b0ee52b9ad9e7fac12a09d904

SHA1
0ac6c2471aed3ae91662ab9a1636fe5ca6002d58

SHA256
fc161cb6fd0e014a4a5b5531d097c85f6444dccf4c8f9379d2041a999137bd95

SHA512
69a3c19e2b5214da8134eb384a6471a2f2f8f2a2bcfaf3d38d7d0e7c631c41843d6b1c305cd73bbf0e31e2d22e79450936281fe0e40cae985e385d064a205f77

Download Submit