0d29126aef2a66b0a72d7213988fa54f4281f18c9c4e05cee69fae36a05620ac

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

462352107525eba9d5d46bf5d34f7f50N.exe
Size

55KB
MD5

462352107525eba9d5d46bf5d34f7f50
SHA1

2dd0e96cfb824d7d46ec3a973a4cc015508928e8
SHA256

0d29126aef2a66b0a72d7213988fa54f4281f18c9c4e05cee69fae36a05620ac
SHA512

17b45e5a45f3731962301f3dc0cf67747f0ea4bc44e0cf3cdbf47967b1b1367b176796b944afde0508ee81aaaefae2c163dfdad1d4cf8c6865ac511d0e662081
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFdakTkXnCPdUPdsbK/KDoh/OXiJ2AOXiJfoh/OXi9:W7ZNLpApCZuvIYXYCuabK/KA4B4U

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3108) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	462352107525eba9d5d46bf5d34f7f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	462352107525eba9d5d46bf5d34f7f50N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	462352107525eba9d5d46bf5d34f7f50N.exe

C:\Users\Admin\AppData\Local\Temp\462352107525eba9d5d46bf5d34f7f50N.exe
"C:\Users\Admin\AppData\Local\Temp\462352107525eba9d5d46bf5d34f7f50N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
55KB

MD5
ec785037f2831d19f404f88867ad760d

SHA1
bdf004a7005f14c83b6b0d606398d6dbb3eba64e

SHA256
7a07b9cf19064b543b48356c6e4f95527b7c6bd07703813d3ef42addf6c5f275

SHA512
77d4ef808e64a3f2848e23d9ab92301788578cfa2a5a3761e3df699a0770efc6d38f600a21e484870c4bb6d6cfe61c4774e70e33b73556eabe1adbf62fb5258a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
c759c8dde7332da1ea1c63d86ff56e8f

SHA1
a122ae435659d680832922505b63421faefefe4d

SHA256
318bccd6c35d261b133fa5b40305e3fbbf929684cfa81af884ca8a22a42e8465

SHA512
471fddbbd2c3e474b69e7ac0622a669b361e24edf22a086116310b91b9b0d1fa8c7f74c54cd7713c17c53a8b8ac282afd1e5058e26e3b552df46bb4a30a695db

Download Submit