5cb3188422454df237c2793c39032b6ae47f68198d0f039aa01501eff69b0f24

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cffc7fce6a078b0c7e5487f2397e5790N.exe
Size

57KB
MD5

cffc7fce6a078b0c7e5487f2397e5790
SHA1

9ca1158c703cc06a789437b860f7ae6759c88bc0
SHA256

5cb3188422454df237c2793c39032b6ae47f68198d0f039aa01501eff69b0f24
SHA512

c68126d9e1190d1ef6c0a6b8c195d7219101cbada7e98c0883cb91cd6a1dbdba0a25cfc17d478dae44fdfdf18f2eeda9d2e90512183bbdd6a1cd29c97d94cd5b
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyfxAkJhxAkJl5H5NbJtZbJtt:W7ZppApyVyjVyv5H59Zt

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\RedoReceive.xlsm.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\SkipFormat.fon.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	cffc7fce6a078b0c7e5487f2397e5790N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cffc7fce6a078b0c7e5487f2397e5790N.exe

C:\Users\Admin\AppData\Local\Temp\cffc7fce6a078b0c7e5487f2397e5790N.exe
"C:\Users\Admin\AppData\Local\Temp\cffc7fce6a078b0c7e5487f2397e5790N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
57KB

MD5
d34a8d11c382108a53cdd9ac16703b96

SHA1
67869dc20a2e47442be2596dfce18fdd97c99322

SHA256
8751e21822d256e53f65f9e188b49ca3bbb25580be1161a421e59dc19e993e21

SHA512
8f264e2cbe0caef2b42ab36c6915b107df25f009765af80587f396a00a61f0c40f49cdca586492739ab1c5aabcf749d12df4af77bd5c37053e29738f42cda1b3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
892eb6a20beb6f5eda6bc4d957764715

SHA1
871a1c4140df04e0ecf3996b97919d510223408c

SHA256
df852458701ee4606783267f00c76abce288e492177272b66bfd183e5975ea83

SHA512
3d3d702cf1d42426c8fbfaaf15889e725da3e82ab03cf4848cc3bacc95bda05831e77abc24e5a19381a4e98e9c73aa852b74337583d0aa6e34268e0c5dff4a30

Download Submit