7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
Size

57KB
MD5

6e201e50e1b4b85769c104108f762ff0
SHA1

af8407e497bbcf5d5168122d716afad72de8f060
SHA256

7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0
SHA512

c769c52d3fbb19d9372bf8dc384d0a52378de7d4b259950612245020ec0a700ace1f0fbfc6478286f919d88ce93c64d74eba8b1ba3db77bcbd5b7a31881c264a
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7lSKSW7afHFCSW7afHFF:W7ZhA7pApw03vR03vxSKSWu0SWuX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3769) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\RSSFeeds.js.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\settings.js.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe

C:\Users\Admin\AppData\Local\Temp\7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe
"C:\Users\Admin\AppData\Local\Temp\7f689f893f4f9bfa4301fd1e5db2b5d4642a4fcbf35d5e3dc7d4d3786439f0b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
57KB

MD5
13bfcadb3394f4f22e09750fa2ae7cbc

SHA1
5ceafeae237f0e799188d57b4ef23fe62db2a2e7

SHA256
15efd5f8b2b337d0f8c6307626494224a5e95fa86443b6975bb5ac3516a20f79

SHA512
612fa28f39d0a409d3b8cd1ae35670a5ba5180b2bc8986b089811052c81ef37784944c92e72fdbd8880579bec21bedc7f41ffb1150f87fa42b97126d689601ea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
74545feda582cd6dadaee69b07c6a029

SHA1
fe1b97790979c15d5bd9e27c56d703298bcc2067

SHA256
6a2512911825af4cd1292edd0b75a1e6d23a16cdf3d53616d664aea901a4be6e

SHA512
418f72884e792b487ec3998c429cc81d5b71af51e4e440a60301953652fcf959bb3af8697191d19cfb34c24993c896cd7738eda05cc50a7637d57ff1da30b3a0

Download Submit