6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
Size

56KB
MD5

838adfc84f9287ed9913cd152dab44d0
SHA1

5274287038a5dcc36263e72939b28b9bc82688a6
SHA256

6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5
SHA512

85dda45008e80b3f93613411c56cf75d9549facaa3817be7cb6577c0471871f3f4d605ea8bfbae794699cfa42bd5d828bc4cff0145bee8d75675c06c5b387992
SSDEEP

768:W7Blp2sspARFbhVgNNHpQRNHpQRxRYstRYsI+PeZjN:W7Z2sspApctpQRtpQRxRYstRYsbeZjN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3248) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe

C:\Users\Admin\AppData\Local\Temp\6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe
"C:\Users\Admin\AppData\Local\Temp\6e40c69df39df76a43b80c028adb37c545dabe414f2251ccb4d41598735fd1c5N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
56KB

MD5
d0427543d24b112959d85597c147b5c3

SHA1
65fe18e228fe2f537357ba204af30f13941f96d3

SHA256
a914aa141d4c87fe70ab3151862d3fb920d3a8c4997cfbd27cd490da1bd7a992

SHA512
9208f346f1b26f05176b15aa3383a983bf3ce874e4ff311403a3e016cd9d6c0ad88fca13246e39f2196234c033eec78b8fb530f4f1e98b26ab5ad1627e59765e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
b18826a46aa0a0a3e698960ddc47bd56

SHA1
422fca2dfebce2ccc9171e3afd09931d7a848d36

SHA256
616ef11763da75d3a67ee218a2dee100ec51732d051351dac8e78dd8445d02f8

SHA512
547794f6ba8d23235b2523d84f38497254c184d2e8635f28dceb16a65ef5bef78243e46ab33bf733bbfb130041e4b5ec5bc30b60ec7ffa2a9f5ffed1b1415818

Download Submit