89952e91d04a1ac393a8525c6f23a27fb810d39c37e425c9cde0ac3f90f66da5

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0adbc2ac967656d0e9ff90a4a6c9130N.exe
Size

48KB
MD5

f0adbc2ac967656d0e9ff90a4a6c9130
SHA1

6d1e79313309929a3ddf013e1326e3fd32b82604
SHA256

89952e91d04a1ac393a8525c6f23a27fb810d39c37e425c9cde0ac3f90f66da5
SHA512

37301a1958c31a4d5d15b78b3aa7cdaaa30d45f416d751dd0216dbdcba7118233a48f1977dbb800ff10fd3c45074fe9be7111b8dea923d65e03c75618f57e4a5
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLmuH9uHVoX+OEiJfoX+OQ:W7ZppApBULcfpHLcfpyD9uH9uH28mW30

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3396) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	f0adbc2ac967656d0e9ff90a4a6c9130N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0adbc2ac967656d0e9ff90a4a6c9130N.exe

C:\Users\Admin\AppData\Local\Temp\f0adbc2ac967656d0e9ff90a4a6c9130N.exe
"C:\Users\Admin\AppData\Local\Temp\f0adbc2ac967656d0e9ff90a4a6c9130N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
48KB

MD5
eb7d9aa20516c6bfeec73600afcf27e0

SHA1
ec0534927f2014337d7b0957ed928fdb6d7d7c45

SHA256
dceff6f3237b0e1c4b64e65a81a3ecb4c736c36b4376131d8b1c2a61203f9d40

SHA512
062c99e7d42ae6df1aeaea0aa224c3d2a47413b262a861da707458096fa10a8bf3d1ad6007e0e4d526b09cc0f2953586ebf8b14004041511760d115e1659ccc3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
647e2d48c64229696774da6277ec10a8

SHA1
fecf44a60538ec16c4838098f9e0322b7d03d3cd

SHA256
5ad8a4cdb3a85d30f039a4d830a9de51174eb5dfeac4fd51bdf9b01b7c9d13f3

SHA512
033c38e35e37162140225780bad68a03aa3f1ef17f00059839ce03dcb37f4825a7dcce04965ff8a4dea417805c057da2014dca7b4128a38e731ed18e715223dc

Download Submit