f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
Size

51KB
MD5

0f17e4d4ca384fd3af03229cade975a0
SHA1

c0f9f741297fef05e731b3566eef6d05829fcd49
SHA256

f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76
SHA512

90b1d220eec0aec3d19c27f65521774ad9681edd40c3ef17bb2a9be5ee293228c4ea3ed2333fbd95663315609e3194d1a752c468611d9a362bc8091d9477ab52
SSDEEP

1536:W7ZppApBMyKoIWbsHfySkT5GeCyi348oWGRPOzkjId6q8UdrSD+kCoIfL2YwqAF7:6pWpBMyKoIWbsHfySkT5GeCyi348oWGh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3779) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\micaut.dll.mui.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penchs.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe

C:\Users\Admin\AppData\Local\Temp\f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe
"C:\Users\Admin\AppData\Local\Temp\f8240ccba1eafe1b070e3602a0d0e591f4997cdd053420363ea85348fe748b76N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
51KB

MD5
ed170a629d5678a3088307223e3ac9db

SHA1
815f5fa054b5a477c494fe28f9393cb61a06b32c

SHA256
1268c05981e00f0130fb59efc811db89d0844b9f775f16cd70746731ba23b70f

SHA512
463fd2e5a7c111894464f65c7d3b5552f3e9f79471770d94e8ba85c56dacae4529822da645f4714a29584b89684785b3c6bec6233c1c7607aca34a1038d571a9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
8d66e0e7e08a60f0988fff97293ba38e

SHA1
c22678fd55045e5a01cd423c38d5492e94f5fa6b

SHA256
b5ef3db219458fbf0143266149f9ce304ae70b1949b3161b62333e85f1af9325

SHA512
025b9c3469963c354d81278ddfa604261ccd6f799cfae2d487e19efd57e9e3c8cf874922f6d3db71e38f7dffa94e7833d3482df47645a2fa8805c0273c0b675e

Download Submit