e7a2c67402720ea8874568a98e13d1b286139f4a1bdd7f9ea7c6d89f25f5cfe2

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cfaf9685f530f9b8882c4159275bb10N.exe
Size

194KB
MD5

0cfaf9685f530f9b8882c4159275bb10
SHA1

8ce3ff45b6a7ee4176815221b23cbf63c1ced6c1
SHA256

e7a2c67402720ea8874568a98e13d1b286139f4a1bdd7f9ea7c6d89f25f5cfe2
SHA512

65cad80357b50811569daab6261aed49788ce1e9085a4c0ea3f53633b6902a59792ee091c83ff149fea7599910d66f52b864f464a0ee71e1070d05185da16a37
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkz:RqKB+tOkWKR0iJ0lTzkz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2691) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	0cfaf9685f530f9b8882c4159275bb10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0cfaf9685f530f9b8882c4159275bb10N.exe

C:\Users\Admin\AppData\Local\Temp\0cfaf9685f530f9b8882c4159275bb10N.exe
"C:\Users\Admin\AppData\Local\Temp\0cfaf9685f530f9b8882c4159275bb10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
195KB

MD5
9b5320935a539cfa0ed0382f2eb03e72

SHA1
9bf346a32071320c1c5beb78e7fcf436f21b169d

SHA256
70e2320799126dda1d9cf0b108ff21c3c2da017b43941731c00c09f26c7e6144

SHA512
005bc7e56c31863a302dfb6ffffd4f5a13bfda8467982e65faefd2824f56929250b0d4329760344ea0aed589dd7340113af6e7acb1d181ff49f8b78862ec20e4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
204KB

MD5
2db9c8388cacd8658655c749a3ae4af2

SHA1
aea4122a1a3b4e8aefd66294add924ace04e9cee

SHA256
aba41155f46a13bb4f37cedb94b197b9d4e759e8ab2e5a0bec1eb38552c99483

SHA512
367784a718e8ba56e5f12a225a6d4957d186b8d26f2a74f6e4ffd9a06e5e4cb05357a7b0d060251ba849f1d7eb01e28a66b1b68cc1a1c807cec45816fcfa2a88

Download Submit