3e492a21d1ce788c39521e017adfc7f35eaadea97f3c205ef7bd778e19aff135

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 03:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6fcf49f173d21455ec2f57f5d181d090N.exe
Size

52KB
MD5

6fcf49f173d21455ec2f57f5d181d090
SHA1

553558576ffa0bba15a4d37081990f196b130c7d
SHA256

3e492a21d1ce788c39521e017adfc7f35eaadea97f3c205ef7bd778e19aff135
SHA512

492aa95e915c10e6f8de2c576501cbd278090fb0ae1d7a131773b20f9f40916d06d75575208fb32bf5a4ad2daad18137b923f41167bffeef2069b6e772a060ee
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7lSKSW7afHFCSW7afHFFI:W7ZhA7pApw03vR03vxSKSWu0SWuTI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3342) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	6fcf49f173d21455ec2f57f5d181d090N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6fcf49f173d21455ec2f57f5d181d090N.exe

C:\Users\Admin\AppData\Local\Temp\6fcf49f173d21455ec2f57f5d181d090N.exe
"C:\Users\Admin\AppData\Local\Temp\6fcf49f173d21455ec2f57f5d181d090N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
52KB

MD5
b46250add08de4f95ff599e414b4da45

SHA1
80bdf2b3c90fe472b15aad0c1ddd1ef1a9205ebd

SHA256
14fe2ed1975219604c78d3aef33e8726be4f758e02b77d9fec0794615d757bcd

SHA512
0a7cc0fe404146864cf591fc29c3171085649bf8dea126f08cbf13c59f5337b070e2f7847d0ece084b8f7b96d24907e16d53b0a1994c31ff101873c7f3010412

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
79cc915b8f7902902d2c22eaf5824a60

SHA1
2eeff96f90ef2167e256a81affa30166bdd931f7

SHA256
10158ebd1ddc88808a0fcec9affeab253b702e1b4aaba8a329cbcbe00ffe6516

SHA512
9a225f8f8e1d1adb5281d5b24a145f97d1424ff7aa4738b15fd528abfb434d4dba5cd953165a60b1146dc56061600b3b368fb387629ca179924daae9ff67c2ef

Download Submit