ccf7a440c0e713b114a678e566d789f569726a7e370467c13eb8dcf2a6fb6172

Analysis

max time kernel
120s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

864afe9b8a4de65de0f58ed8e699f910N.exe
Size

128KB
MD5

864afe9b8a4de65de0f58ed8e699f910
SHA1

c150d2b7210489396e100e9abfeba4f5b4b21466
SHA256

ccf7a440c0e713b114a678e566d789f569726a7e370467c13eb8dcf2a6fb6172
SHA512

4d70a1c54af1d1f7bde62598c1cd4ff23e39a0abc90607c1d0c5bdf39b0405d1a955d73e6ec0a984aecc956ce93ab35118d0f4a2911a2dfa89b7296c5e76bd58
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKdlblbPxBR78qMD2+jaj86LuhmsMat91:RqlIyFESWu0SWuAPx2ajODD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2824) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	864afe9b8a4de65de0f58ed8e699f910N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	864afe9b8a4de65de0f58ed8e699f910N.exe

C:\Users\Admin\AppData\Local\Temp\864afe9b8a4de65de0f58ed8e699f910N.exe
"C:\Users\Admin\AppData\Local\Temp\864afe9b8a4de65de0f58ed8e699f910N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
128KB

MD5
d78cf85e170eaa66d9df0024c7efbde5

SHA1
14f444fb81f6d2ca862ff51328e8cdd0f021599f

SHA256
e0ce7675b92c2ef6c1b0cdd27edec8a0c9baca99beb06c1dc43ea9ee50f446aa

SHA512
ee413fc0dc2de113df02ddbb43d3abf631839082857d40c907d9b0f31e7f8d35b9a42c1b8ebad4406ec37a9cc098755f61c2730451c27655b478519c4aeb08ed

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
46de4913395b20b694fcdeac94acb6b7

SHA1
c8bd4885d935ddda9ac00707332d5b4417a3e8e3

SHA256
d60d72f8f1fa3f85f7526c9489ce953e1de7042ecaa7ac7cc1e5c75440b3211b

SHA512
791e63366ca0359d51f2c759be9094319b293b3e74f41b5c0aff0b039a8b158966fe7baf6279a0beed0ba17109230b6de4ce3c9fe46c0a68f5013d91851c200c

Download Submit