027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58e

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
Size

70KB
MD5

a29e3bb91af685fb678e4d2dc5984070
SHA1

2012f0a7ea59f577df222218fd60fe5bf040bb40
SHA256

027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58e
SHA512

d436d166b5bc73043f2999e118d28ecf8f45712283e0276f6d63acc9465d2b82ca0351e42e834ebf12386d49fc9327a0e14e118306da7d2de4ddefe40e71c61a
SSDEEP

1536:W7ZNLpApCZuvIYXxJ75sNpJJ75sNpyPIXxXXS+Sy4SKmEQKmE2:6NLWpCZLYFXxXXS+SmKmTKmn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3123) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe

C:\Users\Admin\AppData\Local\Temp\027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe
"C:\Users\Admin\AppData\Local\Temp\027f67a4654a106e62ccfa3206d3136a5e04e6172b2cc96ee406cee1e8a1b58eN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
70KB

MD5
f50f39b6f1175e1972ed72d076f14a89

SHA1
049abb6ada637a193d64a138a07338ead4f49ab0

SHA256
a545ffc6461d962f80ef41fcb4ee72f4c5b9ddd5751f7acdc5cd0e2c4cbe5c65

SHA512
7feb2384870570aec53284b5e1296a402a3e58ee1d5bdcfa641578bb927e23a50c07746cc64d9e13353deda87f476291e45762f62a6ee9adf2b43e7e169baf5a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
8af8c05d540da224be1b7f6a37a8680d

SHA1
4b13befaf27bcbc0c37f040c328f73b3079b20d3

SHA256
464c371be835a4fbb2707c71526f6b1fa392b9895179bd88f29d308748bb9a52

SHA512
e372da49062ce47eb78bd4aff1133f70649af730f600eec734b8501f43e8f685242b66705d9549d9088054da9c7305f3787f9f04ca869b9cf4e04b67ec5f297e

Download Submit