cb52e8b8a9e48a35a4e5ae60aa840471503ba41723d8db0cae48c530cf46e037

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 04:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

479b85b07e4bad1fe1c2bd7773fffdb0N.exe
Size

56KB
MD5

479b85b07e4bad1fe1c2bd7773fffdb0
SHA1

c630ba833dede0fcd07402c56d350c45059e7a07
SHA256

cb52e8b8a9e48a35a4e5ae60aa840471503ba41723d8db0cae48c530cf46e037
SHA512

f36a539c6609b2bfc2b9fcc72d6cf8e5e043bf09f36f7a2f89144ae12df06bccd93bc9d9f7f8f8ffedcff2d3938f7548503dec92c3f25e482fd1303024523294
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDlvcYNnVvcYq:W7ZNLpApCZuvIYYoYoN7n9M

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2838) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	479b85b07e4bad1fe1c2bd7773fffdb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	479b85b07e4bad1fe1c2bd7773fffdb0N.exe

C:\Users\Admin\AppData\Local\Temp\479b85b07e4bad1fe1c2bd7773fffdb0N.exe
"C:\Users\Admin\AppData\Local\Temp\479b85b07e4bad1fe1c2bd7773fffdb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
56KB

MD5
3299dd8d18eede5c137505efe0e712e0

SHA1
b406322de7769f3d4fe6773776d1bdfd1e4f98e4

SHA256
a3f0c96510968d29f3f9fa4aa62c708e2d199a7d27620a8bdb781d2b269c82b4

SHA512
f7ffd8f435e6f69f3f3dd69745a0d1d580ad65fcad07cef69d7d39f1f9915a72b3fa8067ce725323e5dbbbfe2a518fe5289e24172b405c8d7f53c6aa190a1180

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
de112f86899e65b304caffd3496a514a

SHA1
a5f4c5f300711fbdb487e42b7aeb6d801ab26cc3

SHA256
ca96d4725d672b24b1b0d566e6645899b12ec8d424d9b49e00c29d4417b118af

SHA512
54aef9420f5f422aa448baadfba68948807031e12b5811b310ca5f7f2cc32d67d13b971b85ad08cd42b38053843f8684fb3abd936d87595583c41ac3c72becf9

Download Submit