cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
Size

73KB
MD5

22ebee9fa5208ef0f9a92d206631ad30
SHA1

0e1593c4d4dee346e96e77316c24098a8b4ce025
SHA256

cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819
SHA512

22f6492eab550bbca2ff9e2c3344cd565932ef55f113d061049632159d58dcea2b7f9ce7f54fc83e049dfdcd1d48a576971733b8bdb3baef57950b31cf423740
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxrLX6X:6pWpBwchcV2WxrLG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3286) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe

C:\Users\Admin\AppData\Local\Temp\cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe
"C:\Users\Admin\AppData\Local\Temp\cc7209b07792e794202d9400b1c6d98f4753aaadec2ded77eea09572a3f9f819N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
73KB

MD5
31e682a2ac4d2873835219ce508f68c1

SHA1
11a4830b72730666afbf12da123e8719e0735317

SHA256
1cfd1d0a3477049a1b5a82ed297656add64581fe713a61dfbc4d14523c576f63

SHA512
11780b04e0c9301b13f5e51130207e15cecc4336c80052c2b7dd8899e05ecbe80fd34eae34f5f36aa766deae28f1036ed30fc4b7d569b9d35ccb0182e6b3c0ca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
e18f4eaa856566b97bf0ebe678b2766f

SHA1
9dc43524c2b99730ca3ef648a0e9585aa7e1467e

SHA256
5902853f2e9dccbeb2a98f6cd17eaf1ee4c49cd7189a64e1eaafa53aa394d90b

SHA512
37dd924877c2fdb645883d1cd659b23e7e9c7657ffb479b5d5235ce8c0fe3e43174e280dda697a766f9528fa6b31d7e4cbf43d9e4c04b60b189db8c4326f4238

Download Submit