5c2b25f4910fa0a82f1944d692928f35e9aa00c5cf566f37f0aa95770e221da6

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65711a937a76a438ab4e789e858e4350N.exe
Size

36KB
MD5

65711a937a76a438ab4e789e858e4350
SHA1

5c5d297eb9305c7db5f8dbb8f07a57812c4c2633
SHA256

5c2b25f4910fa0a82f1944d692928f35e9aa00c5cf566f37f0aa95770e221da6
SHA512

88a7b88f1ba336d29ae1d3b56528bf9a9d7022c686e2a57131a9ab80042546b923f5dbac62859d68b99eb33a821f4fec60f3ca40fd369b89de99f8dc3027f42b
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvD5QASWSVWjWyV/:W7BlpppARFbhjbhL5QbS1V/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	65711a937a76a438ab4e789e858e4350N.exe
File created	C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp	65711a937a76a438ab4e789e858e4350N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	65711a937a76a438ab4e789e858e4350N.exe

C:\Users\Admin\AppData\Local\Temp\65711a937a76a438ab4e789e858e4350N.exe
"C:\Users\Admin\AppData\Local\Temp\65711a937a76a438ab4e789e858e4350N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
37KB

MD5
7a42a01929d55964a3b1b881f98b5486

SHA1
5e6d0333f88e5a30c14f2ac2b2a36f56213f24ce

SHA256
314c61c49d66fcebb7706c710740b620838e9a1a48631c3b16462b1c2549c08b

SHA512
c8cc36645ccbdd66f4d6a0ee355e3e877a51bdb51f93e6cb615e3d23dd302e95cc96c3e8ed967039c339907f2c3464e8782224f7891cba568e7c7af881a90d58

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
f97c8556afa19ba1d7a032cc060a5148

SHA1
6611389b4c951ce06e84d81c7b70beffea0b3b24

SHA256
78aab27c4c984ca048e7046f971109696ce2d01e066926f618c95eba025a985c

SHA512
4d8af6246e6e98dee9e8e6d72524d6bbe49534d316200a6bca5d3cd248a95bec230807ef12cd62d4bc5cb6fe1d2a564274a6816335bfb7b623d45ca0be4acffe

Download Submit