d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
Size

53KB
MD5

fc577bc87eb8893512dbef14a5b8cb13
SHA1

2d37e56c6c9f2fab5f114e50f00b4b267a77db53
SHA256

d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957
SHA512

4893aa7a102c2cb13de6dd36398408e64333306710530988d273db7a50852ea0954df74e47107e9b9573af5d66703b6a5dbaae37741e4b51b04ae16068aad3dd
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLh4PCs2B24PCs2BKw5:W7ZppApBULcfpHLcfpyD+4PN54PNdw5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3737) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe

C:\Users\Admin\AppData\Local\Temp\d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe
"C:\Users\Admin\AppData\Local\Temp\d50fb6fb3fb1bcca64738ee37474a903786296f3d8db7ff4aff51e6931451957.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
54KB

MD5
69495d2668ac714ad5173df83c96ea89

SHA1
e931a2438050988a4c6c3724258ae81d5452cdf2

SHA256
9a7671f0d00c618f7a24f0d04b746bb5f67fdb4b5b3e1fa30a1197f58ab47a2e

SHA512
3b4edba835584757811c5dc9516c4114dea4bbca9f9dca0a2cdf607e378af592d650157214b37de4b8dd72caa82cd9c1a43b6fab5ae1225985ce4331c02899a2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
57a27426c552a13ed63c8f686b699260

SHA1
8ad80e767d6657d01d8267bf432f1238a8a78b55

SHA256
0dd0cb16ad64abfb9b3ca13b0ff7b91358fd2f15499f54e4ac7d51b4cecd1cdd

SHA512
37bafef7fbe2b84eefb8235626a51c4e08ef2feffe2f682320fef7875fc7d7b90ea206030973b988a44fbdebf6e0da2f1c960ca2fd7e3f71ed607a5f082cc53d

Download Submit