6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/09/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
Size

106KB
MD5

751c50b61df27930858583bd37e61138
SHA1

dc45ecc13fbd5c24181fe9ff9eca8c4e5a5e5d9f
SHA256

6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9
SHA512

66abf34d6c732c8b0bbfdcc014aa0d01b11dfaa3306db42975cd9a06102dea78af9f67df5153210eb9435ef8af04406e8eaafe040ee9b8fdf7366125f552cad7
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFpsJOfFpsJ6Xu:RqKvb0CYJ973e+eKZc

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\settings.css.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe

C:\Users\Admin\AppData\Local\Temp\6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe
"C:\Users\Admin\AppData\Local\Temp\6517123ec5ad03d6a931f4a31ba16dcaa346a862cf198f352731050ffb83fcb9.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
107KB

MD5
e19af5ead10959ea6771d7441cf31ffb

SHA1
fdd163cd7a9062db2cefd79c9bae0f6c166e4a34

SHA256
8d14a0d614237dad9ea5d057e07ab3018bcd4a18fc2990fe17bca1d334f00947

SHA512
52eaeb38bf7e11e00f645a4cd0ec33b5e2606084fc4b4a20d49abe743e6c0ed2876fa06aa70fbd98dd8faf5c609ab4b51a86291b54e50df62ed2fc754c6234ef

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
03fab68af014c547ec9769ffd636529c

SHA1
cc97eb7c4a51b57987ec5cfbd03088c67de3bba2

SHA256
12260f3fd64881273fc9e4c1a69fb36df8dacb5b5c8858539aac977156b8d8ff

SHA512
8fcb58372400e135fe0aaac6d8b0098c7513cdae774b57cb58e833a598cff939285e13368c8883addb6871cc5e19096f952d7e754e3ff67104fb7444b52aab60

Download Submit