29432bf5c8ea010013ef9e8a829d5cbd5b8643b26a5aae79f54a95a05d3a41c2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 00:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e28290f926d64481cfa62ded5aff5e0N.exe
Size

81KB
MD5

6e28290f926d64481cfa62ded5aff5e0
SHA1

f84bfaaf09b0fce6bc5463af974e6d396ff38522
SHA256

29432bf5c8ea010013ef9e8a829d5cbd5b8643b26a5aae79f54a95a05d3a41c2
SHA512

c4a0e32b5d76e7873de47a57849a165eb52991e901ba98af53238e61c8181a95eb91f36c05e401c0f2f542e71e0f5aec7a5db18b1487d7b9ab84b33fa6216acb
SSDEEP

768:W7BlpDpARFbhYQkQzaxkd+axkdo176/hvYaJaMGw4PCs2B24PCs2BHE4JAIAepEi:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSa

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3125) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	6e28290f926d64481cfa62ded5aff5e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e28290f926d64481cfa62ded5aff5e0N.exe

C:\Users\Admin\AppData\Local\Temp\6e28290f926d64481cfa62ded5aff5e0N.exe
"C:\Users\Admin\AppData\Local\Temp\6e28290f926d64481cfa62ded5aff5e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
81KB

MD5
abf75cfd8524367f5e45fb1a57ffc504

SHA1
ca0252353251391cf24a9e36d2bccfc73b30fabf

SHA256
f136802a8fb2189b6ced5c300e6ab2942fbfc9d45f015f3d6e65faeaf170be46

SHA512
423ab973c6bb7ad225a880db5c11cbdeeed4888e83f060ff11695b1a8ddd38b8a14dd0091678b9e44231904330456aa522695499582f8afd1f3beaac41fccbbe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
c8b7d91d5dc94a06e1140fe5aa308149

SHA1
ccecef6c45513eea8ebafab028ee76c3cf2802dd

SHA256
26fca15b671b6211661ec97952953b0e8aa542894e0080048183fee6dc584627

SHA512
a8a1e3f9bc7a5955b747e338fa44b357deeb1444757394975f6756b02d724fddb2a5fa06d821545b09551aba4495bb938bdc73c84650ea51c4f19bfc20aa1f88

Download Submit