1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
Size

42KB
MD5

be9121da8b3e1fbc74b5b1d212f4f37d
SHA1

c25af461f44fdcbbc50d7678b5bac22e26134f0e
SHA256

1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577
SHA512

d03e3ea37985b2d63792763222702c162f6cb8d041926c6871a5b8bb25894fc447811ad558c8ec9a6e215cd47a82896ce87f072b1badfa32a6eeadf0ab38b191
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyokxlfle:W7ZppApyVyjVyftk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3714) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Mail\msoe.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Defender\MsMpLics.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Journal\jnwppr.dll.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe

C:\Users\Admin\AppData\Local\Temp\1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe
"C:\Users\Admin\AppData\Local\Temp\1b2789cd1b3965ddaeedf82b4bc82e97a9f22912669a4f82730e6add86a89577.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
43KB

MD5
7cb59a944046ff44db5fbeb6c5027a61

SHA1
12c4e35a181b643f358f649e5627486ef6398a6c

SHA256
4bc6ddca2f3bae5c0325aa4a55c0be4b2646a436391a18c0c1e569ea31dbb390

SHA512
231f4c44a7aac91f27066bebfe21ac582b65c813284dfbde5c133f3ea3f518ab9ee91084ccdc4f805e88dc1eb0cb3b909dca48859fa08bc73a6ea4e9fd5d3de5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
6d8ece556963b4cb209f3e72bc37114e

SHA1
aa3aa4157e275a7e7b1db7d3f71aa36753348c1f

SHA256
93d574354947618b8d83804ff3500240c5967a2593973067deb0a6712e018027

SHA512
1592c9b66fb3fb3a12fbefaa77e6e63fe8a5453a43b3c9fe0c0414fe0523ae352869de962f9b8bb79dd510d8771400e6f9e69a5844b44a85a58b1f14d58e86ad

Download Submit