261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
Size

52KB
MD5

186dd00ec36da5e39c1c88c6da79655b
SHA1

e933927692e33c7c102a8d2c17954ec65b2232ce
SHA256

261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760
SHA512

1c5f7f6c99299ad59034a188dc5b2af844b647cc886237829a03603892a411cfe82da84e8f12798e409ed1821ea4a0d2025dd50836240e803809629bc99098ee
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJbjyjuhPitvtu:W7ZppApwEgyaPitvtu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3706) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\RequestPush.ps1.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\TraceRepair.mpg.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFPrevHndlr.dll.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe

C:\Users\Admin\AppData\Local\Temp\261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe
"C:\Users\Admin\AppData\Local\Temp\261be870183cf95c0b630a792754713897058029d6501fd679b63d3d84697760.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
53KB

MD5
711beecaab9b61feef320eff90d4aa62

SHA1
34d68091fb0b1c68428ea375573074812ac77fb0

SHA256
de4fef7c1f1fab755dbc9a704867c1afa01706b65b106577ede91c0bf11577ad

SHA512
df0b9150f5542002f9e2bc67046735bfb7854baa76714c8598419be436f7952f6307dc636e5b2c66a2a28159485f0697416634ff91559d00b08e4260ab11130e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
2a24d863cb51a1ab2f6840d9fd24245a

SHA1
2f1fb25dc705f66a4efe28715cd8aa3aceaf5b32

SHA256
c7fa2c5994f3860b96d30f64686dc06948231462f37310355135508afb1caf2a

SHA512
04af374790ff3cdf757c7e02176ae87407e11f351c7a22ef62def0e43ce61f91608d89d472c3e9374551fbf6d393c47fbd23b57c7bd350a495f5fbf3cea87980

Download Submit