21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71a

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
Size

54KB
MD5

a307d72e6af2d9db4e8499577ace4420
SHA1

98b17d567b02b95e53a5f997d2a7860ccb0f1146
SHA256

21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71a
SHA512

1d162d567fe02154fe7da14aef974090ab689de2209edc6c71bd91e6f326cee31fd8622dedf9fc75cbfe682bf9c74e74d1ff55e8386c62f25e79b943964eb3ae
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpW/fSwN1J3DCl4N1J3DClEutB:W7ZppApBULcfpHLcfpAS5tB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3126) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe

C:\Users\Admin\AppData\Local\Temp\21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe
"C:\Users\Admin\AppData\Local\Temp\21bc6223990fd4de22b51680eb6ee8498d4565be47cf13f7d8c697743a94b71aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
54KB

MD5
6e4d180667748f7b276ed27643c8438f

SHA1
09e841974375935edad0975121ab503f70304179

SHA256
6ce7cca7c35b0d6fe0fb8bd818a33deff226fa2e334c660dbb4795a8373729e9

SHA512
6115e77a082b29f99e8a4a57e401e9e56ce956d6ba0127c4e9c80d1400a0ff05f7f290fddf63d74ccecb2be75cfae8c53d4509fc9ba4d715be62bb0d0ac86dde

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
e011995f9d175dc68341430ee2cd39b2

SHA1
b284929167b60be106b5e53329fc884249730654

SHA256
087817de127e437a88fe2b086b6a6e45badab69848ce896ff7c6707c61529c58

SHA512
689428dd3049118107757f90ef0fb6c0f377c3fa96dae99dc4a7d6162b8a8fb91cbdd0f64286425ba2d2199575191dd1194b19bacc5f16ff486885d103634a71

Download Submit