cb281c8141bcbaacc181323e36cb1051a0a92eb270fd44b398cf4c55262f7369

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

150e0f4367173283b13eb90dcba50290N.exe
Size

64KB
MD5

150e0f4367173283b13eb90dcba50290
SHA1

61b44cbfc22fef9a26ec67c03e1fe1543c5344ac
SHA256

cb281c8141bcbaacc181323e36cb1051a0a92eb270fd44b398cf4c55262f7369
SHA512

38ebac21807625a1435f100b3622a48aabc6a7b2104a7187ae7e8f403be74ad216b868740a9f567b2d19758a27a0c8517d4c6c2b06acdc6f5f94a4d297b26a17
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJ3LnmJARJA3WzWiXxX2oV0OiJfoV0OiJrWK9WK+tf8x:W7ZppApwEwnmJARJAaXxXHJVKIKZWjW9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\StepTrace.bat.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	150e0f4367173283b13eb90dcba50290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	150e0f4367173283b13eb90dcba50290N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	150e0f4367173283b13eb90dcba50290N.exe

C:\Users\Admin\AppData\Local\Temp\150e0f4367173283b13eb90dcba50290N.exe
"C:\Users\Admin\AppData\Local\Temp\150e0f4367173283b13eb90dcba50290N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
64KB

MD5
ad94c267c935bbfb1e0c598a235425ad

SHA1
e72a68f1c4c4ed5256284a416e7dc23714147040

SHA256
016b2cada2fbaef4a2cbb3c1c2f38dd94c4717450ef14b6d9b07b36bcb325578

SHA512
0411ff759e74f70506a4858062e2de156edb8d955be1a676a4d8be591dd12882681d8e8389fb9b4fcef4fe996182cb863d01d274a8487afae1ce0d2c26fd8b61

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
f350131762866dc0e427cce21bac5ccd

SHA1
1a1a4c4c13f3c50272772e7d5dd2ff2600526e7a

SHA256
6fe800f3a9c744c33b572a9cfd97d2d9a4d154eaa44a965d9896fe19531b9904

SHA512
e9a173837067aa7e9fbb12fc1c13835be57129ebafe4f8a6c642423e7abc7a7b0917004584df224ec3504a4d2af5a2f4682bf836faeec833dcfa6bd96092b75d

Download Submit