0e1c060daf40232877de551679c2c509923a856627bd53ee6e2ac9918d417d95

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-09-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86a10655b1ea379d0d45c06129a162f0N.exe
Size

45KB
MD5

86a10655b1ea379d0d45c06129a162f0
SHA1

69ca9ed923b934758a90a8a6204cd922394c81f3
SHA256

0e1c060daf40232877de551679c2c509923a856627bd53ee6e2ac9918d417d95
SHA512

09c21193250975f5dc3471308e281e7830ede27e0aaa1d6a17feda0f8bc91fc89354372c90464518713764d23520c6689fb15203506f105b4c2f12a44f00db82
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFXpK5c5khwRDThwRDE:W7ZppApBULcfpHLcfpyDA6swXwW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll.tmp	86a10655b1ea379d0d45c06129a162f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	86a10655b1ea379d0d45c06129a162f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	86a10655b1ea379d0d45c06129a162f0N.exe

C:\Users\Admin\AppData\Local\Temp\86a10655b1ea379d0d45c06129a162f0N.exe
"C:\Users\Admin\AppData\Local\Temp\86a10655b1ea379d0d45c06129a162f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
45KB

MD5
0fad881526511fccd31ceafc64e3b46e

SHA1
197cd354e3d68202c1aac42c388b248f59dd2da6

SHA256
83f2729ee3c9b8f10f69ad0071f34d91304e6bf3088a8414996008eb174dcb86

SHA512
0fb21b74ec1dfbd96ea87ae2d156811b9494cad58d15304b965fa97a92e2508763147ed45215811d482d0843d04f7c5b2cc6983cb83eb8dfc8f462513cb6f69c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
ff51c2fccb7d8bc14e90c43384fda90b

SHA1
00ba2f158166eb3277893bb0c445931e1852dd76

SHA256
2499b379d2b6e4e222db419eef1111646867be9dd2fdbd785cb5c281a89c1b52

SHA512
bfc145a3638c7c9efd124e3ea805539378f6f441e3700894ae620214f0fff6477adbe66bdb76197527276b0ad66c1bdaf475506b9d680552a746554ce8d3b118

Download Submit