6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
Size

44KB
MD5

864e5f0aef740b15b117255cc5054b30
SHA1

eeaedd721d31e008f4eba0f574bef47a769aa20f
SHA256

6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469e
SHA512

412c82ae730ef8ff62a0c1a108b93cb90fc6f64916799ddb965e2bfd05140db9f043ffeb78f1038ab7d63fbafa520a49d9fe55d58a9856a3d112b69f7543ec7f
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNF2B5dB5N:W7ZppApBULcfpHLcfpyD2jdjN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3730) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\imjplm.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe

C:\Users\Admin\AppData\Local\Temp\6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe
"C:\Users\Admin\AppData\Local\Temp\6caac17d5c75f27b9cfb63bcd132686e3599a0abcbd4e7fdc966d65b12cd469eN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
44KB

MD5
a76dd33309728fc162bccae7eee1bab9

SHA1
050e811c1223dd0c19d9950cb2a440a73dde6974

SHA256
44a1bf6b9841b51bedd1cb4f9d48145501fe375a8a0dcc098cf38a394cda7a7d

SHA512
da432e04ab875bb81e0d1f050dcf69ac37a064b924b1f47b48ab36afca56a231d8f5ee0900b33d5555110efae3368076f55a3500165ed795c2ba663a7d49f6c8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
7e1f5c7086b2076507ba1aac1b3be47f

SHA1
6a102aaa221cb4e1ca4be3e9c026fe3871e469b8

SHA256
9fff4faf15ae0712089835d21951e4fd6d1c70e6762030afd83dd00a5debc669

SHA512
fdc4dfa07feb2f9748bedff586851dd8e5f35a7ff7e7691f77d59da68d3e47e1ee5b8b3b77352ab3e9c69f69b67e5f5e70c2bc8fa46a7496384df2b09cb55b81

Download Submit