4740b07291aae3d62a9ad73abd17ddf8d8c3e3087deb961c855623af8ad85232

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf804378c6a188445b465da874868480N.exe
Size

54KB
MD5

cf804378c6a188445b465da874868480
SHA1

8ee3ed9e8036809561affefc3f677b2c9d469d84
SHA256

4740b07291aae3d62a9ad73abd17ddf8d8c3e3087deb961c855623af8ad85232
SHA512

0e29b7d3147809b758472cd5d81210fb03ce4b3a8141c46ea9564edc35a4928c247166ca03fc4118a11dac948e7200571453b10f77ca0ac027bca81eb4dd22c6
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLyEaF/MF/4PW:W7ZppApBULcfpHLcfpyDv2QPW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3233) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\SaveUndo.WTV.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	cf804378c6a188445b465da874868480N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	cf804378c6a188445b465da874868480N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cf804378c6a188445b465da874868480N.exe

C:\Users\Admin\AppData\Local\Temp\cf804378c6a188445b465da874868480N.exe
"C:\Users\Admin\AppData\Local\Temp\cf804378c6a188445b465da874868480N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
54KB

MD5
2af638be9472d62badb4d549e88902fa

SHA1
56e7ebcf98417a555e103f3952d6d3d4bd1810e4

SHA256
105acb732816bdb141d2ef199e9e6264ad9222aeb1e0ab93d2b2e0edbeccffdc

SHA512
a3eec9e5fe6352f1c9748779fbddfaf7ce2f3ffe9379701ca05f6cd718615c846602da71130fd23fca2976c8bb5df5ed477157aa1e647e9af2b60e1df1020ef4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
449933052e480eb87712f2f813794568

SHA1
1311daf704c2ae72cb3e4bb3e09e5def9cf67b3b

SHA256
52c13caf00a3318e3dfa2f0d3c96434b714bd1beaa26400216ea7e5cbb607a89

SHA512
a93def50a7a090b1ec28e4de6e09e00fb4e66cccc1e2791602fdd525d9c17bea5bab2e8a4cda9f480479524ab482ad93d428f6950b581a9dc574da1c92f5890c

Download Submit