86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
Size

53KB
MD5

a879adb87a144e47b87b46f7f63c7a0f
SHA1

10b86286aa2fbf1d7af3a27264a7aaaf81f62393
SHA256

86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35
SHA512

5d4fd3b8b4420237d882219171b58ee46176f12fdb4a675063363629836bcfae55b68a2d734997abda71faf8ba4666af335713d99d56bfea967882128e909aee
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1itvtTJLJk:W7ZppApBULcfpHLcfpSo3fstvtTJLJk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3731) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe

C:\Users\Admin\AppData\Local\Temp\86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe
"C:\Users\Admin\AppData\Local\Temp\86a83558c0f210bd4bd48e78442eeba365f273b2647c3091649789d230c60f35.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
53KB

MD5
4272f90474d1349bd1df987f54f2b7e8

SHA1
c8f59d11943d35b2da4f7d47adea05e0cec4a3c7

SHA256
ed7b9fa14f8162d0fa99ade1f3fc39289f8edaa93ca370937697c6590cdc9271

SHA512
6e5cb979a2ee821c33ddf2079ad930bb14fffbfbb5ec5955c08fec70f7e878d04750903f35627ff510a89df9d71aa49d35c2ecac1b264193d1f99c57f2a5c7fc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
198a983d4660e83f31f0637213d1f397

SHA1
75e8042558bb86a74bcd0f1c9d7560f82fc07120

SHA256
d3ece0e163fecb13004de5a044a500f06c5dc69d91a1537f1f1cde4ad50aa80a

SHA512
f2579990194865a5071e479b4f85fdd557c1881ddb0ba822783771f243a401cdcb193e734faff79dd81578204b8ebb679015bbc37fbd91a5b5c2d8dea710367a

Download Submit