75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897e

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
Size

85KB
MD5

3a931649b1eb6fad82014aa94efff390
SHA1

a7763220fbb634ad32349887af7ed6d978f1f836
SHA256

75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897e
SHA512

5372516b4a2ba07d01cfcd36233fb872a9b54ba6931e2f2622fb8596fc5f8921bf6b6848ddf5bc45c169cb1f7fab26bf606bc027246f608e4aa8bc62635f45cd
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggBoFoP:69WpQE0zxgBmw

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3144) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe

C:\Users\Admin\AppData\Local\Temp\75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe
"C:\Users\Admin\AppData\Local\Temp\75bff44e98f2c6453c75ab9ffc091f9a2c01885b83d9a365f7fc576dc908897eN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
86KB

MD5
cf43b89c6468d27745792df347c96270

SHA1
7ba059274cc4451c63648b4622d73b69951b89f3

SHA256
3b38191effa6c6658089dae6b508bd89f57e645616eb10f5b1c195ec1c1f6d53

SHA512
d963ab8f28c64c506bc537f55f50b734af01c79fa15bbdcb8a9bc0e1a0e9abdfa75f3bbeaecdef4f1e51a2d7eb708e20e7d1a5f6b216efa787d3752e9a647557

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
49421dca88b3305bea683975d95afc7a

SHA1
c51917cbbf248cd43d90259828ba4d63eae9b1ce

SHA256
2754f96b6019fda5912346337e7acb43a3440faec0564b581c900c7daf8da3dc

SHA512
23ba8748a15ca4610c77143cac197d21812b3f23712e576a8e7bf59f7d86e887b00146630b9eff42ddd005f3682d4ff1858a5583e9373f12fc094ced15db733d

Download Submit