e553768f6864c8677e954370ba60e2782e63fd9be4e52a04bae03c72b90eef5c

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7616b0ee50d8e7c66787785d9666c4d0N.exe
Size

44KB
MD5

7616b0ee50d8e7c66787785d9666c4d0
SHA1

781ec1a6562260f5736edb7d33097e262644f9f8
SHA256

e553768f6864c8677e954370ba60e2782e63fd9be4e52a04bae03c72b90eef5c
SHA512

20d4a6a27341157ebcd1f43ff52b7fae653ccdf60094195063c58b7e287e3466cfd44ed80c40ade9f56389b9a6cfa2433bc7f04df7c47ced9937eab84a486933
SSDEEP

384:yBs7Br5xjL8AgA71FbhvPvD4Qfxd4QfxlQoVeDQoVes:/7BlpQpARFbh3vzfxRfxlQoVeDQoVes

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3260) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	7616b0ee50d8e7c66787785d9666c4d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7616b0ee50d8e7c66787785d9666c4d0N.exe

C:\Users\Admin\AppData\Local\Temp\7616b0ee50d8e7c66787785d9666c4d0N.exe
"C:\Users\Admin\AppData\Local\Temp\7616b0ee50d8e7c66787785d9666c4d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
44KB

MD5
64a07ac9d3420932e6b2e05b0cf2f549

SHA1
13cf94671fa1264c8b56f236596e52c4c6eff2e8

SHA256
83d38061268cff6159277fe76a6902086afc48164a5b9cf97d76b36c82285def

SHA512
287e0d2e8bb83078175ee0ec990344611ad295c0068a685e60249a655cdd42660e939b3a899987b39569391e35aaae73be3ab6d48b562ba5563f756991ea1551

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
087dd898d2e5d83fe406e2eddbcb11ea

SHA1
0011faeb89ba5c44e9ffacde84ea2a2bc1169fb5

SHA256
e25127aa13396e93b5fe145656c2def1317af951c55582ce9f11dfeb9cbe4909

SHA512
a7f23ea015ffc3680025bdf83191daaf7b14f6a88c9c62cbbe0decc18cfa06372904ac56811448574b03b342414927d0dc0e57ede4e4f21786116e31c2c82468

Download Submit
memory/1020-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1020-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download