cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809dd

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
Size

87KB
MD5

09e7528d6f8898efd2db84fb8ea215a0
SHA1

cdda47e813f5ffe3e23321717b6b0fa6fbed9efa
SHA256

cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809dd
SHA512

055ed367c6567500054f2dd6997314f08de554e892b734b9369fa0f4da6f7d05eced15a89bd1507da8ae1196ffab0f1d8aa4250b0048d30aa32adbe1b06c89a0
SSDEEP

768:W7BlphA7pARFbhM0KW2s9B4b09Xgd7jylZqzpEPZD:W7ZhA7pApMaxB4b0CY

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3089) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\vlc.mo.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe

C:\Users\Admin\AppData\Local\Temp\cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
"C:\Users\Admin\AppData\Local\Temp\cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
88KB

MD5
9329dc58035758f73ad886279c5618e3

SHA1
29f1ba127e34ea3a5bbc561323cfe43c8dec0ee6

SHA256
283baeb3348e5e0fb5365c930db468fdd001110f606f20f8df5c217028cccb80

SHA512
3f71709dde0f1b2c195f0f924189187e84f0e22a07fd33d094a06ddff6695a7377d111492e21a5e29cf5e0833bae0b0c02b8c0f0a8f2a0253771e8b45462d5db

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
52d8ad00c93044b08eec18d945e1cb79

SHA1
b32005e583b376f1812a6ed4f16cc4734a75c86f

SHA256
09b5ffc863f2b4b3d125e9565dd11ec74b8c0f6e7c7e3040dfe1ce3e0b5daa31

SHA512
223b3f00219521a12bc408301005bf2676488ed1f8c520c1182fafa90f7614de1f4e5d4f6d2ec7d1ee48c55d40c9844f4db0cc70255532634d5177824d0702ca

Download Submit