1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fad

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
Size

119KB
MD5

372813f63d43e5312479b88e909035a0
SHA1

8d2e39eb7a409db7e3683e73ae98fcc3472f0043
SHA256

1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fad
SHA512

04339837977322ccd534b2520234e5057cd0eb23beadf3d07dc25563848d6604ef26e0fea66bec32ebdbd50c8d6c650bf26cac94f3dba0ac9fa048b5de40d087
SSDEEP

3072:6e76BtEkoIAkeF0RNyreZ8PRmqIZq9awE0ctUiQF2vUHFe+0AkyyDfEmU0RFWy:Re/EUX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2913) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\SplitMeasure.wmf.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe

C:\Users\Admin\AppData\Local\Temp\1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe
"C:\Users\Admin\AppData\Local\Temp\1fbecc3887ba3b68ce982416907116f88d325fe5238bc45587e78a9569c33fadN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
120KB

MD5
9cac7f9f527504e5976ba7355f1c45eb

SHA1
607372e154793108e4f2966883250799877d5687

SHA256
3245380f4b959dc18001559cc07bb29be3272ccca1541897a18798c23a8ff3d1

SHA512
f2d16bf01b21125c928dfe405d6b5e9f87d8c26af29b927fba61dcd6df23820f7e213e7a00ec752de68763234e8fb974b2244e569f359a57d9bcc343df0bb33f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
128KB

MD5
a3a2a8052bf701273e65f1a143b39a1c

SHA1
dbb2416546fcacf829f97ad9b48aaa3c3a3ee2a9

SHA256
03388f821c0aece7783d175236a01ad9e5d7aab14555466884096b0416b8280e

SHA512
e156bf59a89ef2adc1a42901cbcaabb59b3ee6118203e1a05b47f08b8d78061cccbbfc385f8415f5a2e3ec368c82d2522db48f2fa72c383470ab0cdf8f6a6a45

Download Submit