cd362961d73aaec6159b98c2dcfdc0c91c51957abb597002a012b16243abb57b

Analysis

max time kernel
120s
max time network
22s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76a3289c32d60f191e296538b4366e90N.exe
Size

41KB
MD5

76a3289c32d60f191e296538b4366e90
SHA1

7bcb3db8f0de34729d56cf40c28cf49d5f6c2b90
SHA256

cd362961d73aaec6159b98c2dcfdc0c91c51957abb597002a012b16243abb57b
SHA512

9fa672626edda7fb1c3d169fc83f9229cad23af63009d8d5ff76c41b2bb7916786ddc5729ef90e95ef9b3e4d2b06778302bdd824fd276d6747796d7b284959d6
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxje6OMmy6OMmIGR:yBs7Br5xjL8AgA71Fbhv/Fzzwzl83/H

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3217) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\RenameEnable.vsd.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\StopUnblock.mpp.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	76a3289c32d60f191e296538b4366e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	76a3289c32d60f191e296538b4366e90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76a3289c32d60f191e296538b4366e90N.exe

C:\Users\Admin\AppData\Local\Temp\76a3289c32d60f191e296538b4366e90N.exe
"C:\Users\Admin\AppData\Local\Temp\76a3289c32d60f191e296538b4366e90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
41KB

MD5
ec5e7971fa0b6d22d5265fc640299c99

SHA1
cc30ee844223b0ecd50fcd4f85661a4cb62eeaae

SHA256
789dbabec649e7b87296b5451f0076494275bf1fe7aec9fd98bd55c08ae19a4a

SHA512
276d6b4f10c71ef97cf39419cdc50a8bcc8997ee34f043086b6606acd99b0485a150c376602295590e21184cd35cdc47ab604bcbad523345ccba988d6a3b9ef6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
240a798a56a8ef814e6aa754bcb38135

SHA1
8038da589878604de4a708c129c64ac9c79fd93f

SHA256
cd6645581ef88f662fbb1f8122bf09c1ae0edc72a2fbd34d35e33a36168ad0c9

SHA512
d87a4c00d414b5796c596aa313a84d0b6c2595d4fcd0081c575e35e54c8072ade57a84eeaa2dd5cbed42f4c01d0a94762340a8ef2d2db4168908797a669035b5

Download Submit
memory/1708-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1708-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download