6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64f

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
Size

40KB
MD5

cbaa84be8862e7947735eb57967c7580
SHA1

3cdcbc58b46f15a28e31f43e89a31723e470fdff
SHA256

6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64f
SHA512

c499b1309dc2f5209914469018bcc2599788537ce3a918db34af65e57cf140854c2b2014812c4636bada83075922f92a8cea95f0790b2c080560c82379e95a73
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSF:W7ZhA7pApM21LOA1LOl6vSF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3343) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\ConvertToUnpublish.mp3.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\AddCompare.shtml.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\ResetInvoke.js.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe

C:\Users\Admin\AppData\Local\Temp\6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe
"C:\Users\Admin\AppData\Local\Temp\6005d3d119af146a73498c20ddab65a168a164b047d3b2b4c3ba924370d9a64fN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
40KB

MD5
c6fe049af24add174c846df8d7840c86

SHA1
396f7f2bc3ee66a2a80dc69479582e04e0498795

SHA256
3a5a8e06fceac6e9ce873100b40696c51b6475180103de082260efc109723ee4

SHA512
ab9370942a64a63421b56ec7547b07cc5bd018a6f0c1a4f340dbdac853b96fb49797d032b0ab953198d995ea6616ca295c6396483b687c8f42bd12d5d133bcfc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
fc5fee969a7d2ed0e626e8414098fe91

SHA1
32721c05cd828f1f9f59ddce00c5977024e77d18

SHA256
71e7772460b167bbfa449638d00eb3aab549286d07e46e43fa19e25c285a55aa

SHA512
bc396828ec6c45483f7e66f1f55360ad50c1cc47d44ee4d633a4e57d85eaf96ab563ffb2aa57d0eabd438ae7f5ceaf1532262069a263dc000b21ed94f0a7e22a

Download Submit