60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
Size

41KB
MD5

7067c6243d7ee466914bb196bc8a5824
SHA1

4fb96bcfaee13f3fab4ab33d63374e05943d8abc
SHA256

60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453
SHA512

df8ea199e7bfa9c00529138d40785124bab880f152e821ee0cb7bf5d1bc0ef6af658c8abee397da69318a64deae6a7f7a47f008f188ac0efcb6a866df3b2846e
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lKeUeQ:W7ZhA7pApM21LOA1LOl65eUeQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3586) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe

C:\Users\Admin\AppData\Local\Temp\60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe
"C:\Users\Admin\AppData\Local\Temp\60eca71aa609f05eaa5595a77d3f972877ceac6f046f64b3f600d75a1640d453.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
41KB

MD5
1fd92684ca8b94e93324ae31c428a507

SHA1
e7bfba4c24bc652b08afc75e237dbbbc2a1e3e38

SHA256
228311452b444d696996751b3f283d8247fa20e4572081d3052ecd7bc31e0a66

SHA512
43f13d9a07a667875282eac9f5f5f34cc5e136bcb182290f7077feeefa27308f491b1baab1b0ff598ebbe63ce8bf62a50c430a7ec3347864e53a088d9cbc9b56

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
8dc8c37c54cf43b7ff1b747c4f348c11

SHA1
c71f755aaa47b8d4f881482447476e9d7677f3a5

SHA256
38e623d7a9d7b554951b004078b5476d66afd6ba34961b56bf9e971451764098

SHA512
0d0148909559a85ce2e6e12bfcf1f05bf1f11f39792edc2954d4592cb81bcc426d983ea4b854313114f4ad363075dcf0be8d932ad241f4893d519ca8e9dae6b3

Download Submit