fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
Size

83KB
MD5

afced3ad833ce9023481133005f034c9
SHA1

c49fe0697b97f8689842bfc1a06baf099e90495f
SHA256

fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a
SHA512

4cdad8e093ca407e01b46b23296949db859dac200476272bc422c91a3a41d954ac44dabca5b3562771b2a36d6d8778b85dc53891131a31bd51651dcf9a71ea6e
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReY:W7ZDpApYbWj2WTWJe+e/qXhgA2E

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe

C:\Users\Admin\AppData\Local\Temp\fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe
"C:\Users\Admin\AppData\Local\Temp\fc84d52bf2373ee501e389c76225f6779cda05fbaa4fcb20f95c6d90a736d83a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
84KB

MD5
3a9c0205fcdcdaf55ad6fb7e58ad6d66

SHA1
85e0f60af5d8af16d99f1e0403faa2efb09e650d

SHA256
e70dafffc1fb119976c45f5f18b68a3da5a4983201c00e23d8f42c38c035a47e

SHA512
c468ae0a40e3151437c9954140bd2267a21c61609a91ee3905c34fa73d0b1629947e738385578ab7f4b914feefb39ef74b2a1c689ff35463357a4ae98a7a1c01

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
5716a12e2f808d771525049856f178c4

SHA1
e532bb106916c5e4280b3170f1a34a91e4bcac70

SHA256
46ca97afe25ecf6fd299da92f8f3d837c3bee919d3ce8b30317ddb48d2dad213

SHA512
8c23ffe0bb8714b48ee0d0460611f37435880d25c626841882ed6a44e31d60f0d035cb2972a6df3f8df818b4931db0eb988113568b4c9de5b70eae841f26c295

Download Submit