63da49a101677f051ca492079d439402b2316c67ea786aa9ff3c57ae5046ca1d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4587ec5f87a22b22d5c7e20ab19761a0N.exe
Size

47KB
MD5

4587ec5f87a22b22d5c7e20ab19761a0
SHA1

68952ea4f7f30e23b3a5c2b5cfc3ac77c288aa43
SHA256

63da49a101677f051ca492079d439402b2316c67ea786aa9ff3c57ae5046ca1d
SHA512

190db74cca31acc5e0d3f105667287be7f5e2911115f01b28f82f95473751e7af1850ce5f3eb03bb641641f472f9e03d2ac8f21af380c667d15a2c4eabc02213
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpZi4w9i4wMNFpOyPRRRTFMu+RRTFMuf:W7ZppApBULcfpHLcfpVwhwMDpOyPRLKn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3261) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\OutGrant.jfif.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\SaveSync.bmp.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	4587ec5f87a22b22d5c7e20ab19761a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4587ec5f87a22b22d5c7e20ab19761a0N.exe

C:\Users\Admin\AppData\Local\Temp\4587ec5f87a22b22d5c7e20ab19761a0N.exe
"C:\Users\Admin\AppData\Local\Temp\4587ec5f87a22b22d5c7e20ab19761a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
47KB

MD5
26a8b0e799f4dcd545521a951e2f3138

SHA1
e81480958cf46710e71f964bc5629393d5d94700

SHA256
abf08996ad2dbf3ac81e79a5e90741cf8dcfa36e0d7096fb9f161a4ca7ab2d7a

SHA512
d1c85ff775ca20065dfa8634d3dd42fa2fd6878bbcb3f9d24882e83f9f058d74dabedb08b0b01d258e70f313f6e10985f27d54752eaf1414fac766f88f68498e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
7ad34da7e01d786feddadd59cf613e5c

SHA1
6cf9d4245f31b34a989ef5a8495dbf685420301f

SHA256
c9f661bbde72a7f076e567ca3fefef19f216d352bdb3468b301c342d3eb0e7fa

SHA512
14d6db4d165b476283c79571d2489010fee935015540ac3017e8a693c02f69b706e85ad6a359e959ab6cd84f2cba79d5323bb2ac2081805d994890bd097a7521

Download Submit