06edb03aea9d7454c1b04e2b8d1b93ba4302a77282c7cefda6defb9ed6146938

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df5b831e1368c90f4e11667cc142ba30N.exe
Size

46KB
MD5

df5b831e1368c90f4e11667cc142ba30
SHA1

0e39500a3b9b48f1ec83d42e50faafaf4357cba5
SHA256

06edb03aea9d7454c1b04e2b8d1b93ba4302a77282c7cefda6defb9ed6146938
SHA512

b399cd812fcdc93dee78ebc6fdc99375064137ec80ecff7b8e917a6e15122fceeaf58ab92dcafd73d38b53e4a055db39c3e6cff1df3d29997e7751e16ac679be
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV//Mth:/7ZQpApmicth

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3104) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	df5b831e1368c90f4e11667cc142ba30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	df5b831e1368c90f4e11667cc142ba30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	df5b831e1368c90f4e11667cc142ba30N.exe

C:\Users\Admin\AppData\Local\Temp\df5b831e1368c90f4e11667cc142ba30N.exe
"C:\Users\Admin\AppData\Local\Temp\df5b831e1368c90f4e11667cc142ba30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
47KB

MD5
6f69c9118992fb7eb7d52162f4d2aad6

SHA1
23f7b7a9e01d826f3260b908c12ee4f9c4c10a28

SHA256
8078b24480a78347423789dcfe9e812d01b53bbf2afb8278cd46c6322a1f6164

SHA512
ecb4c9326fd6cdd28222c74c14080271ec355c2470062547c7f4dd1d209eb4c01dbec9dd94fff4497297a6a14f0e6b9cf561518bff608124f5a33631db6d3f93

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
a84da9a19c1d222da5f8ec9f748117b5

SHA1
d50a46d45f7ad2ba91eb364cdb8ac4759356028a

SHA256
c60581474c1b5b20121f720a71c3c6ab1a2dbc52f7117819b5027711601d4706

SHA512
e93bcf2839dae5ef0ad9b853e182a342bcb969e384afb3b2a5b47874f673227eceeb8a4527a81051a757e6938e6411e7fab0ae763c498038569b6b71179b2167

Download Submit
memory/588-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/588-646-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download