64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158a

Analysis

max time kernel
120s
max time network
14s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
Size

44KB
MD5

edd944a5ac2a89833a8ecded908ab950
SHA1

f0d3774d7d7769fe7395ceb0ed302ce7c95a2148
SHA256

64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158a
SHA512

35ab2158cb30ec61d3f8c4caf3aaf908f650e1cf29c34902e08f6a4fc12408511124b2fd2c29ec4e5d99500fe96e667340b99e2d42540217487925c660aedae1
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5gSup:W7ZhA7pApM21LOA1LOrtkpt6I

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3338) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\UnprotectCopy.vsw.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\RestoreSend.reg.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe

C:\Users\Admin\AppData\Local\Temp\64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe
"C:\Users\Admin\AppData\Local\Temp\64c21d73cbdfaaff800edb029422cd496c76ea9829e5cff2f57de5d8b703158aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
44KB

MD5
9c97f06d219e8563cf7ffc2e88a97ef1

SHA1
6ddca23e141e4286d99490dd63273423f0496d24

SHA256
3982d6db87309cd220f153396d3f4856ed472f0bc4fbcf05d3b0ceedbd50b6c9

SHA512
e35136f666f6ad15801579f8b500189b6f328aa06d2c12c25ce8d88908f5974da0bf0c7b0aaf5d8faad0927647499b57ab3f8c4c13f839dc60e4f1146bbae2ae

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
07de4714666e2284f76dbad37f1f336e

SHA1
556270a0ad6793253087e6b0b6efc39b34d9aac9

SHA256
1e2f8a75473b688a495cf9800e6e086e998ebf852bec6d8a5c7be127f9469ffa

SHA512
9007db6154dade511cddb5b88a6a3c8623f3a65722947b09fd2ead9999b2cbb52a48ba9bcd721d1c136f71e1898a5d9941024a7151b684905d1e313900c5c5c6

Download Submit