f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
Size

94KB
MD5

a9b41ab07014d59393a2bc93bd361890
SHA1

67fb10c203b3ad4434cc39acd7f00d212cac03a6
SHA256

f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354
SHA512

f6eac2980c3fc0fc80ecd9b053f8c56fd421a1614a18088fbf2768c972314cbe2446fbed1d12aa128d9683432cf0486d56d7fcea5c4356dd72f2a330b81403df
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggyaRjvmujvmRzqzlmJgwmJg/SvqBSy:6e7WpHIyRF9ESWu0SWuDm841qN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2895) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe

C:\Users\Admin\AppData\Local\Temp\f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe
"C:\Users\Admin\AppData\Local\Temp\f0525fdafbf730c7120ffeecdfcecaa40ae966d163e93706f00ca1b5ab894354N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
95KB

MD5
00b3b4a2e7853863ecd71583fbdaffa9

SHA1
f94e5639f5c04271333629ef4aa801570ef5ef23

SHA256
7736e5b9b554ff1295457a14039d40f9ca0143d76232936ae5afb8e1ddecd6cd

SHA512
3066cab257aa22ebc8015a2983010bce43dc6d44bd1c9ceb5e4899df7c1bb2b49e2a0f0eedcf6ea4993c863af96c74fc38690fcf0afd3db857885be719fddd72

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
5b071ac9d121c1bb2bc044b71e75d399

SHA1
1dd6f81bd585fc45b48df974bf73cd9687d23967

SHA256
afb1d2629e6a31741f4684889554345014653488ee947fadb0f64b4be659e02e

SHA512
e3009a5cd85e873fbe7212cd5dfcc46c74a0761bd3e446c5133eb09d7e6e9ad7cae9601ea10f38328c78a5099d68460a416e092950ade87b2c51dac0db7fd418

Download Submit