cfcb516a733cf01c13ee2ac8363be1177404a23f4912d5afc37c96c8617477fb

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af2824476e9cf531e9091d772705fd70N.exe
Size

46KB
MD5

af2824476e9cf531e9091d772705fd70
SHA1

53b4135d0d49ecc4994d2d8d1352e8097ead49bf
SHA256

cfcb516a733cf01c13ee2ac8363be1177404a23f4912d5afc37c96c8617477fb
SHA512

9f01aabea91dbc80913f74e7bb051c7ae935c56451c01f3fd318705aecae171e82cc750c95eefbd8f72e9e146a4ac422f46f98d67c8e2d4dc1c7edc7d50e4617
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvgqHqMjL4jLS/3MMIMy0U0czyKbNzzyKbN4Mdp:W7Blp2sspARFbh5YSfjynfWK9WKJdp

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2727) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	af2824476e9cf531e9091d772705fd70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	af2824476e9cf531e9091d772705fd70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af2824476e9cf531e9091d772705fd70N.exe

C:\Users\Admin\AppData\Local\Temp\af2824476e9cf531e9091d772705fd70N.exe
"C:\Users\Admin\AppData\Local\Temp\af2824476e9cf531e9091d772705fd70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
47KB

MD5
20c3515be26c764b88d0da93a15ba383

SHA1
600d91b5e733d88a46605d236f35f693e609411c

SHA256
cc0ec53460174750523dff264b9bdcd63a96914751d0a5e82352bb8d27d8ad4c

SHA512
d2c3b115ff0631e26853d11f10b00e33a39b82acd5feab027dfac5eddb46cf46fecdfb635f9484d9e2787b6631d87e693eb1387d14ded3dce43731697562a2b5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
f405768b7e69b151bc6d086541202e55

SHA1
21cf1a7069fd3d18055bed6827b54996703a1ed9

SHA256
9c0461190a4ff98ab8823c6f6c2f3e6cb1613fc473a3c0234e8c7ebbdc024f21

SHA512
33fcad6b41e89d4f8e7e3b1297d081dd8ccd207ced30485480ebdd58c0d9d1cba2c38182ec108383e97f98caae26f94d244055fc3c843dec396755732de8933b

Download Submit