f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
Size

62KB
MD5

731dd5982867fd01dc0c5b7ae1b619c0
SHA1

aab5d0532da262fe3dd4984dd57c3094b821fa3c
SHA256

f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753
SHA512

8899788fcc1bdd59291e98fb93e306233c9199f52210c61408808aafc113bd12cca0bf2d09aa1734aa79359708817194c5d02543684d119ee06534055e83f9bf
SSDEEP

1536:W7ZhA7pApw03vR03vcltdtSsU8Tu8Tmwzw2omos:6e7WpwYRYUtdtSsBcs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3121) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe

C:\Users\Admin\AppData\Local\Temp\f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe
"C:\Users\Admin\AppData\Local\Temp\f6a7bdd96e2bc88104d00e1ea1c4b970d85a505588a6a1d2146d7065cf839753N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
62KB

MD5
123322994eaa6ff267b9f1b86049f261

SHA1
3605d60ce45f4daab1b9a82c8c84e7314a311dd8

SHA256
3f6d6705f0a9c37b7b2e8fca0088554f6b8b06d46fc5bcdcc9293afe2de5f406

SHA512
6ca45f19a83ae143ccfe8470e98b2a1190499a1fb3547beabd36986050a4c3b11b90159c17c7731a8dab160322f7bc6b80e6830d86f4d35c5f400bcba0dbb7b0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
018671724c58803fb5967ab2b8323430

SHA1
b715ef09039948e3e7f5d6ad8c4dd005a5eea550

SHA256
38fd4311f86858255362111ad334662f1b3dfdc549f2cec93720f97b2c268c8e

SHA512
3c3045edf7d1337b2ab22b2905232acb8c769ecac2feaf31ba4004836cf3e812fcf4b723ab943fd6d2095454b0a72ba1781f94c828d18c9ed94d0c5ce4439cd0

Download Submit