a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
Size

38KB
MD5

f332fcfa34e41aa67db9be66d39e7dc0
SHA1

d51f15be5e39f419516717c53314105b30ea6ecc
SHA256

a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39
SHA512

55ffe60370e3d189b0c3cd76025ae4739ea85c1a2e203051245e8d48964a936a6cb5df82ce261525ef07dfe3b3c78e74af07e2a249d8c6b0129c28b55562bbf5
SSDEEP

384:yBs7Br5xjL8AgA71FbhvsIzaApAyJO3ApAyJOGiKp4:/7BlpQpARFbhxztpAyJ5pAyJZp4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3418) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\CheckpointInstall.TS.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe

C:\Users\Admin\AppData\Local\Temp\a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe
"C:\Users\Admin\AppData\Local\Temp\a77662d7795eb03658693f72f770c701d60e0ac69309fb1e6be497df57de7e39N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
39KB

MD5
2f19e2fd055ce7779c38fe678fc0171c

SHA1
67aef87ba4ee5aca5eab1caa230a58d36f2bd492

SHA256
c95ed9962dfcfd1efda80a7fa364ae6f8e3c14619f4d95ad09e92be017cac77b

SHA512
06e0ca2091c8d36df76fa416fa657a048ddea41d01690da2a9c64b65f985c4c1a6fc1b427c17182444bda1b5e301fcd88b149e10d8411e47ce428898f4adb932

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
dbd3753b147f362f2e5896eb2c23b722

SHA1
23fca7927f7a4b53cea8ab281eacfca15a1daef0

SHA256
bbc9e5bae088124623f71b9817a7fbc1d2dfd753fa33ad772af9aaf870763fcf

SHA512
c83be02f18642e2afd4187cb1b240d4d8b2154c891abd8254b30efaa9d9b5b95c70ef446e724631d7de89b377869f60389d050362e472c1765aa0c2889630faf

Download Submit
memory/2692-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2692-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download