8d946a5896de79041fbc3714bf4011a02c40b480da9f5ba31cb849e31bcfea4e

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6cf5996b18290b16a9e46bbbd9e9e90N.exe
Size

43KB
MD5

c6cf5996b18290b16a9e46bbbd9e9e90
SHA1

830655cb59afb7c46bcd3c38fd08af041b94e30b
SHA256

8d946a5896de79041fbc3714bf4011a02c40b480da9f5ba31cb849e31bcfea4e
SHA512

f94aa70c7ff3ae48d2658c927d427638944e012e4e7c6472bd2d17e2ada8a1c643369f500e2c28c9b446f890964751c691fd2d9de37a72f2f0385ec2b079def0
SSDEEP

384:GBt7Br5xjL9A7AgA71Fbhvnqj7jU7ubTAgpbuvx10AaIdKB7ubTAgpbuvx10AaIj:W7BlphA7pARFbhL801VvM801Vvv7cYR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	c6cf5996b18290b16a9e46bbbd9e9e90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c6cf5996b18290b16a9e46bbbd9e9e90N.exe

C:\Users\Admin\AppData\Local\Temp\c6cf5996b18290b16a9e46bbbd9e9e90N.exe
"C:\Users\Admin\AppData\Local\Temp\c6cf5996b18290b16a9e46bbbd9e9e90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
43KB

MD5
9080f5f32e767bade03b034d9583c1b9

SHA1
ea135310f6be276e32a85aa12a480f11c330c212

SHA256
ba4ee46da779ec7ccee39ccc886a9b5e24afd91426e2af740c0adfee62a345e2

SHA512
eef39fe94b3ff8465154edc5d280ed526fe6c8f21a8147be3d310568a3fa7d05a392b535dbe423b0dc0ec7b11b4adeee62041a36bf0a9ce4a3d1f89830ec2be5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
bb882b7d74b3b2acb62ddd39d02dd64f

SHA1
d999ff3fe71b6239632ce6bb6bcb701b9694690a

SHA256
30a83d4eea205e79017d38d003d43ab38f4fb8f8cb10104f4e94ff5cfdf3b3a9

SHA512
8645e44c313ee8c69d42fb41903a74e4ec87f7b28db98444dae0a461c4fe32a7ade3f855ee478a744a46d31706542cebe4608300676bf4a90ae4193f2a45ba57

Download Submit