6df6d9184189d31c36a33175581cff3ad192f2608e86f0dec1754400171031c1

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e307555955806fc2be8de4be7e568a0N.exe
Size

43KB
MD5

6e307555955806fc2be8de4be7e568a0
SHA1

f4bfe4ea5153359557697b25f00761f0559e2828
SHA256

6df6d9184189d31c36a33175581cff3ad192f2608e86f0dec1754400171031c1
SHA512

f487d64e6410920751f986d34f83cc203ab7ea055303f3f4401e2e8d946015a4bef0556e7c888593e6d504726b36e3d4a3db61d4e74f13259a13bc7787e462e3
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltj8Tu8T37I7h:W7ZhA7pApM21LOA1LOl6Aj8Tu8TLqh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	6e307555955806fc2be8de4be7e568a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	6e307555955806fc2be8de4be7e568a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e307555955806fc2be8de4be7e568a0N.exe

C:\Users\Admin\AppData\Local\Temp\6e307555955806fc2be8de4be7e568a0N.exe
"C:\Users\Admin\AppData\Local\Temp\6e307555955806fc2be8de4be7e568a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
43KB

MD5
fb5105152b043c6edd268069cd4b3fdc

SHA1
13e5ff3863fda5a6ea0ee3bbb9aba5b76d4c70f3

SHA256
2aed4469230fd7216b94537ea82d1722e47294e44bd533fc367737e2e2641ab7

SHA512
bcb58e1fd4ac99d1fe7a0913ff471ffccdeb000e31bf067038f78a56bb94786beb6461c1a8fa5258fb32654566388f1166b684b6bb3187938987d5982e61eea2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
92550a3abe6b8cbd088b023d97220845

SHA1
bcff79d594461bc008dd145101f9baeac46ad56c

SHA256
dc59d4240684f134a262b28e2e4ecbf0d76608b62dbfefd7fc69637808e702f8

SHA512
58070f7de13d15ccbe4676433cf606901a3ae311db8813d8055f45cc63c580fb1cd0dfef625ccd88c374e755895a73c7e31012f44be9534dfafc737f76bf7367

Download Submit