af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6ef

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
Size

41KB
MD5

8b06ef437e5b23f27a979d7f02514360
SHA1

8f77e1325c94bb0cdb15485ac01b03d80ac5237c
SHA256

af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6ef
SHA512

ea02291e7059b64198215e421cf6c6eabe4e324937f6ae6edb882c31b53b567ad3078a681e50a8e9dc4ac41aee607c9e887e8f0cd1ce506b6cfd1fed90f6b935
SSDEEP

384:GBt7Br5xjLfAgA71FbhvtPcNOF8F0qOF8F0PDXxhDXxW0C2ChWu:W7BlpDpARFbhmauaLXxpXxW0C2Cd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe

C:\Users\Admin\AppData\Local\Temp\af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe
"C:\Users\Admin\AppData\Local\Temp\af7056422409dbb2535897228c68c5eb119c6916212a25c5d2d283381e23d6efN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
41KB

MD5
55ee84ed7b8209e7267d367baa196966

SHA1
f3f878152785a998ca50a27c435742346abdb3a7

SHA256
c7614dfaac0793296fd0ddcea08a6da8556d578a5982f0ab68bf7bcfc22f9248

SHA512
abc063036fbf020070e92b784f58b150b27d3543b2cd24afc083abd5e4c7897a2bf6f820d8064341e716e30380450911648787a9c6922829d57671d8a5f2f076

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
ada0125bbbec1dd4efcb6460c1e7dfd6

SHA1
b447cf8b0a00bc6ea4be8be0df0001c0374d91c4

SHA256
06759ea2c51b17859217bd158068b1bb55d810101d3f9a284873974d23fa2281

SHA512
56820d018f9e3fdf0322fbf72be3aa2a10a5aecb44881ab7bdedb5b0cfc3e24edd41a4e0cee96b4744707faef763d40882bf831e42446d6916672b9a936368e9

Download Submit