ca0e3aa6ef84b5fd5aa03d066b8a74727a2e304df26db3a8d783668e7ce1eda2

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acc9e144e81314d70f5f1c6adccbce10N.exe
Size

45KB
MD5

acc9e144e81314d70f5f1c6adccbce10
SHA1

a1754eb84c1c0854daf8a7828f9ff3cf7bae56e6
SHA256

ca0e3aa6ef84b5fd5aa03d066b8a74727a2e304df26db3a8d783668e7ce1eda2
SHA512

220cd44a453edeedc2ee02c6411be299282ee9350d2a388dbcc4103cc320456380914750afd3ec808253ed947fa9ddb3e295a21d635f3707f87724123388ae35
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5n4fZ9Z34fZ9ZE/:W7ZhA7pApM21LOA1LOrtkpt6k

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	acc9e144e81314d70f5f1c6adccbce10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acc9e144e81314d70f5f1c6adccbce10N.exe

C:\Users\Admin\AppData\Local\Temp\acc9e144e81314d70f5f1c6adccbce10N.exe
"C:\Users\Admin\AppData\Local\Temp\acc9e144e81314d70f5f1c6adccbce10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
45KB

MD5
4de281b02db41c99d8a7a395e5d6673e

SHA1
94411d911b4f1f43c5fe768dbdc723c1208fbec7

SHA256
591a69b38f306cb1ab57cac7125172b740dda47f2fb8cac14bb84b395396fec8

SHA512
08f10b00955ebcad614a007677fceabc4aa19b880f359426fdee95d647b88400816f1e94cff5c31c9e7b6364601dc1bdd890dfd065aa28e51ab7c0ed8fdc85a9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
9c9f22ee6e893cec936afc2a41d1f061

SHA1
6b7722c6f8439e487917668948997cff135656b7

SHA256
f469287fb6c07b270bcbcd3b702bdc81f86747a77c3391a78d88503f1f0d8f3c

SHA512
84e836f73c80d52de6c2736f33452c1f00918d5e9f1559d600076336d2b71406ef39d64aeca580b17d8c8a4795038c35c8e4a71ac9e93546cc3af1a48bf8879b

Download Submit