9513be314bb3d7cec19a460b8b551d00b1ae7030706cf66462d8527c8ed91181

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61ec757278070446c10acd56270cfd70N.exe
Size

48KB
MD5

61ec757278070446c10acd56270cfd70
SHA1

7c28739316ac93c172d03665ea77e43a747e7c69
SHA256

9513be314bb3d7cec19a460b8b551d00b1ae7030706cf66462d8527c8ed91181
SHA512

2e81fa859c763405420a649a886da0e946a1df989683e6714fdf29f9972b4694a8c6ae1c4dca8681ae4371b873033e7ecfcab593a5d56be14444c46c1d51ce1c
SSDEEP

384:GBt7Br5xjL9A7AgA71FbhvnIH2YsTKnKqtaW3W4:W7BlphA7pARFbhvOsTKnKqtJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3259) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	61ec757278070446c10acd56270cfd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	61ec757278070446c10acd56270cfd70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	61ec757278070446c10acd56270cfd70N.exe

C:\Users\Admin\AppData\Local\Temp\61ec757278070446c10acd56270cfd70N.exe
"C:\Users\Admin\AppData\Local\Temp\61ec757278070446c10acd56270cfd70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
49KB

MD5
dc095ac8d6fd9e88c754177e4683cacc

SHA1
bb41c6c1bac8ee02a0fba0c8bd8055a50bd7def0

SHA256
03dc6e5457bd55bd9d83a6ab163f936f489a4cc4121ec6c00f2799f3fc81a87c

SHA512
11c4e0e67fc6d82e16617159242bad810f25ad6c38d10d22c402d09ba499005769e28d4e69307dae15638dbda6701a0bcd96f693ed06110355c9a75ba28b17f4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
b70c0395d05e519c0c3b89e14d8eca8a

SHA1
57c28d49857c83e97a789cce742356d36f4ce61f

SHA256
a697f33f79557c8ffd53131cf40a00630c057acbf709472dcc2e0b0c94e19760

SHA512
44dc7c6688c263308b71582282f1e7aa19d3e886feb479667109d06ef915b36c83c850b252a0f69e00784ac591472e550039213cc8686785ed73c5d572f21ef7

Download Submit