d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
Size

55KB
MD5

d57c2d7cc542405417ed3cf03c8e9e2a
SHA1

9f0bebb92cc42f788a9e643fce13f3d03f4cb110
SHA256

d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd
SHA512

314effcc65809d323468c6d4a897c5a0ee2dc37ab53217d494473ec0575fc955bc167777330f2fa8938534c7644bf9c007e506f179680586b81c7dce085add77
SSDEEP

1536:W7ZrpApojswv0EhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsl:6rWpcsHEhLfyBtPf50FWkFpPDze/qFsr

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3986) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\mip.exe.mui.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe

C:\Users\Admin\AppData\Local\Temp\d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe
"C:\Users\Admin\AppData\Local\Temp\d569bb6688e64e437b86c26ed7f78929f5c741facc07b39b17a181f2614c61dd.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
56KB

MD5
63b4e30ea81732614cd69c5cc30573f1

SHA1
c1af4356750603197c46303c3dbbcb7d437c4090

SHA256
ef030633be9f38be71e19a1ff5fdf1fef9ca4cf90180fdb71a40dbf461f5b86d

SHA512
42bd1ab13fea259719cdd9af9b5792675c7535de6ef54da7b34d61c2131d77ac4e88e5240c645e5f7d277759aea988367dec03d93b5f63696ea826b957ea9a56

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
65b376ec9d505da5d9fd04f9c0233561

SHA1
4d414f63f22ac1673f32bf4e4f95c0a0042f164c

SHA256
3c65d8bec07defeb757e678369822bed62ff478b815794f0379cfd4b4d851c44

SHA512
0e80f428b210e9fe8cabe15d3932181f09ec2b4c926860247043ef35d3184f3b8074afba3ab1d51daa6bd341a6c94540a4a80e2236cf992b4b2008a69440f3a8

Download Submit