cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634b

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
Size

39KB
MD5

98246f1cbf78ad3dfbf87f632dfdc140
SHA1

5b8780ab47bbbd58796fafba2d18d5a0a63cf822
SHA256

cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634b
SHA512

fc0e9c3ca65bfdd2998cf5953d0881f5eca41f294f3416db512e0c83a398cc54cbae9684fd47d26fc551133bcc885986ebdefb6649a36789f793e38d9fd37ced
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpdj+/:W7ZppApBULcfpHLcfpQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\RedoSend.M2V.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\ShowProtect.vsw.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe

C:\Users\Admin\AppData\Local\Temp\cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe
"C:\Users\Admin\AppData\Local\Temp\cf7155839427189fd028677e319191eacfd161c568c96262097815c9ddf2634bN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
39KB

MD5
cf125c67e61241be78ff833675009b49

SHA1
f2fbd771086b508fdba2646a3f97061a66392469

SHA256
b1c30385c4fb2b32321b0b54e6f6d00545bc82257a0faba8fa05c397c2e4ea15

SHA512
4c56c8e4ecfc4fdc45410da69beaaec748aec18af86ad750a474d795188d48b8d035a4d21063380c7c60195961999ebdbb176007986200636901958f21bd98d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
a93fd4249516cfa9cf252cee0fa6ecc6

SHA1
435ab2657af2dab8a982f2c2a1cd3dc697036795

SHA256
f819a4ed85d02c7a9389b3cab84797dae155f14fe734946bb580d78518c02650

SHA512
3d72e68b03b57afaab9d4354c1cf2d1cb1e1d0593dbf7c2cdd9b0fb28e20b1d5ec859dcd0f710ac8ece8c4a21ee850561cb4d0db1573bb2a2b4d3741a683ae34

Download Submit