e750303ba513c69338e0a9f1c372c5f45b6e48f46b34bd7d07030f8d3a5000d9

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f87d0f754a2f1586fa09c25a67cb890N.exe
Size

73KB
MD5

5f87d0f754a2f1586fa09c25a67cb890
SHA1

8ce624ada383b191dfee3d174364b4ef11c0e589
SHA256

e750303ba513c69338e0a9f1c372c5f45b6e48f46b34bd7d07030f8d3a5000d9
SHA512

ff611e9b612f660e81fdfb64f05e78e4ff186b806ad56cc5857fedf9376c7f243c2182cd9e2f2fc123d9c4e7ab59a9e148a4073efe2d54deda886d8ecb9a120a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eTdsdQ:6e7WpMaxeb0CYJ97lEYNR73e+eH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	5f87d0f754a2f1586fa09c25a67cb890N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5f87d0f754a2f1586fa09c25a67cb890N.exe

C:\Users\Admin\AppData\Local\Temp\5f87d0f754a2f1586fa09c25a67cb890N.exe
"C:\Users\Admin\AppData\Local\Temp\5f87d0f754a2f1586fa09c25a67cb890N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
73KB

MD5
a4d56203856d6835b9967f1548b10387

SHA1
ff4257cb4223633ed24747fb50873fd156e7994b

SHA256
12d2fe6391e0b7a08e3c259d1cb527969f8bb93819465579725456bc692087cb

SHA512
2b70ed17a5864947076280efee70fa684b1ccb23f3c856b8b4934c469f00d124fa2b1cdfa3efd842f414511e3cb3b885224d3064e7db64bf0a6f9a36b2235ba4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
8877dd15f176d45ee3ad8ce7e6b06e68

SHA1
0fe7d3fd93e453fde44dc961dd19a6b1ce121f19

SHA256
c603c6043c529d365ef66eb116901a9b4ce2c9d9b0d40bbec4f7be291ab76418

SHA512
accd6cadcc5a632f7c8ed234da2a1dd8d73f6b9820edd43fe926a778c6dd93a9c9ac09495154a742891e05712952735b31301897d54c1eba597d7c7a95692b3f

Download Submit