8c3ee07a2cc3fb2e41d81610117c1f574b0327ad512c0b1c5458835c7bb9e048

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77abb53531d50eb51978c50900389110N.exe
Size

40KB
MD5

77abb53531d50eb51978c50900389110
SHA1

9ae67de6fcfaaa9c12f094d8cac87f82eeed2c82
SHA256

8c3ee07a2cc3fb2e41d81610117c1f574b0327ad512c0b1c5458835c7bb9e048
SHA512

ac11bac18af518af748ec6871b8a688355314ca697ebf3ba9bce4ffdbf433635e6f4c53db42988772bbe1e19e276102055251f52d3a86ca35b203c0ed4f5d660
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1n2pqpc:W7ZppApBULcfpHLcfpSo3fewc

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3229) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	77abb53531d50eb51978c50900389110N.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	77abb53531d50eb51978c50900389110N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	77abb53531d50eb51978c50900389110N.exe

C:\Users\Admin\AppData\Local\Temp\77abb53531d50eb51978c50900389110N.exe
"C:\Users\Admin\AppData\Local\Temp\77abb53531d50eb51978c50900389110N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
41KB

MD5
e791124970cb02ecc80e7467667a836a

SHA1
d27cddd18133dcdd0c21a617dbf1fdad5da6a6b7

SHA256
cb5079c605328cafab9202e5029b878d96d63bf63071066b079e5fcc32e2f098

SHA512
d80158593cf4a3e91b2cd06129fbe55522e6c39177227d5dc76eafce0ef82a0dbf16d5e5f1ca1cb37676d33872c6ac786e906155d687ec2f99c7ff7310fa7de5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
857b7e7b866347b1d81a97970e35a2c6

SHA1
bc81752de9d17920fccf0ed332c93a011cb9ea41

SHA256
5d943958ffbbd9b049d7c6c3e99fa64a4460e60273cbe4f1111315409124beef

SHA512
186897dbab8f8f52f0594e2486b9f1a03ce77642827cab9d2a2cf8f643b6998857be05f2fb7d949f969c235d5fe20b50cfa3c169085cf68329160e0d3ef46078

Download Submit