254398804bf96416c778e37ca70bcfd8ce21a8a227bf1110c5a2e04e1aa85082

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66f84b078340fecd59e819d475d959f0N.exe
Size

54KB
MD5

66f84b078340fecd59e819d475d959f0
SHA1

5bccccad5ad39e2d6c2cd2bde7b73ba807111dea
SHA256

254398804bf96416c778e37ca70bcfd8ce21a8a227bf1110c5a2e04e1aa85082
SHA512

e78738422bf1e2cf2a41e480270f863419e11c7869744d00d03e2aac3172388ded42ab592f6a943e8ff00fa4bec4435edba3e29ffb96f412cd02aaccdefb7c31
SSDEEP

768:W7BlpppARFbhbt7Y7wTCg0hcM0hctIwScIwS/VUA8VUAW:W7ZppApN0hcM0hctrfrZATAW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3246) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsFormsIntegration.resources.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\CheckpointUnlock.html.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	66f84b078340fecd59e819d475d959f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	66f84b078340fecd59e819d475d959f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	66f84b078340fecd59e819d475d959f0N.exe

C:\Users\Admin\AppData\Local\Temp\66f84b078340fecd59e819d475d959f0N.exe
"C:\Users\Admin\AppData\Local\Temp\66f84b078340fecd59e819d475d959f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
54KB

MD5
598f38885223e578e7625d54ac2d486c

SHA1
e50b07688b0c6d0ccb3192d38300390b8cdb746b

SHA256
4fa645a7c5d3bc97193a47e48f181a4b44ad2192320af62e6f6dda151d7ad8d0

SHA512
c399e45bfdda87e1be8e14bb0e638af80ff785ed6a7d9bc8aef03bcc6a0ba9af47702a0be1a2fa92962d675080ad746672ee55969fae044d14e02ae669736922

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
c9c8b750e76df508e3f42821c18be3b0

SHA1
1eb2572c6f828eca095516d2c9b67cb9dfc54102

SHA256
af3c60b6935fef9406799812284c55c4d5f0fb188a2a388bf6b7459211bc162d

SHA512
ebcda6e444e6165489ec82bd93584354b8d20ba887673dfc9a4257fcb362d5aea3cebadabdb8257a13c63dc897228f9900c22ce22be181525cf434fe3a8ea971

Download Submit