6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fb

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
Size

53KB
MD5

4a5d00c8f0838e9045a20887968fd6f0
SHA1

ff4d2042df31b4779ab7a632a58299cb630260b3
SHA256

6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fb
SHA512

10fb98fa3a8c4d2c1200aa2332010b27069099de1256eb74925eb2571b6625a858cf5717502fbcf6ac2803558a3e540e92f950100f10e70e91afc2a018ff3c92
SSDEEP

768:W7Blp2sspARFbhVgNNHpQRNHpQRxRYstRYsI+Pe6:W7Z2sspApctpQRtpQRxRYstRYsbe6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3257) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\OpenRename.mov.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe

C:\Users\Admin\AppData\Local\Temp\6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe
"C:\Users\Admin\AppData\Local\Temp\6811b7794c540037d3e13e638977c4b119331382d3717707b582983cb641f6fbN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
53KB

MD5
34b898ee47d0a823aa13cacc41806ea4

SHA1
b14ecabebede1d5468b3accec347479bd05ca6e6

SHA256
63fa0f2fb3c4db6009366623d2d69608da084639cec86c3361c504899ffc6a85

SHA512
59c80128aa7c8d4bc5582ddfff4a889354f021169b5b2781bff186abf8a8924697a241a43dc5a48ee17f3db0ddcd5001a8abe9600d8d468daf1769d943e985be

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
4e0e10e326e2fb77c219737e50f08314

SHA1
7fbc3db7000e72ed3e8f43186ec8b020a4db0255

SHA256
80b7e7494cbb221656214bae63665c3e7a2f3fbf2501dfc3bca91e0704ccfe97

SHA512
1567090f8d7743c40a83d3523e6471c007f9782e84eabdfbb6d3e0f58167fff5269330b1e593c56f7892ab1d2ef172799319cdcb7988a5b141b1d490741cd731

Download Submit