58a0ec8974e4ded2d8c27bb0d2ba7260e836b0620bd220461bff541295acaa5b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 19:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

edd0430c979033231567d7c6233cbcf0N.exe
Size

59KB
MD5

edd0430c979033231567d7c6233cbcf0
SHA1

0b3527f34c8a8f38c88b5588c8637052b39fd98c
SHA256

58a0ec8974e4ded2d8c27bb0d2ba7260e836b0620bd220461bff541295acaa5b
SHA512

0895a5d3b85fdce9fa2b5d0f7c33dbac6cac56e29c4c81fd49ffa610996fb5ff5fa125c5a17fb2c13b5482749cba9e5b00ce1533eabc6d10415cbeb90cfe3d2b
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtUK4F46OK4F46oMA88bRyvkijaTpA:W7ZhA7pApvOsOKjv46Ov46MbRsjaS

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2817) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	edd0430c979033231567d7c6233cbcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	edd0430c979033231567d7c6233cbcf0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	edd0430c979033231567d7c6233cbcf0N.exe

C:\Users\Admin\AppData\Local\Temp\edd0430c979033231567d7c6233cbcf0N.exe
"C:\Users\Admin\AppData\Local\Temp\edd0430c979033231567d7c6233cbcf0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
60KB

MD5
5fc192a3f854a34e8eb41948e50545c4

SHA1
520e0ab93886b33005d9b2514a6fd82eef93b242

SHA256
01a848ee107e1e55a5db2e1a5086da0e97c991c347917fbdac31606697ffd9e1

SHA512
38cdf89d4c3fb67bf07a371c712757eb13b8093ce7bbe52d7e034f35c9f990f9c5004a6e6f4390208244f1b3cbd53277547636f6b203fc10fa505893c5ac933e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
b9553cde67828dd452d81d0f35a773b4

SHA1
3bc9c6095c424dcd40d3fae69f1267c103e505c5

SHA256
3a01e8506411e16fb77561493f300be4475d3dacd47ff8a930c46fcc01fffd98

SHA512
44f583d3e2c89dd71432cb35a1654b15edade0e8069efb1d42c586dc2c746ee122f09c274e20232be1984153a3639976c7b0c7ae4765f04b0bbf99c7811f448e

Download Submit