a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
Size

36KB
MD5

57fdde5319c37ba788afc48bc826660d
SHA1

cb63cbef3a67955e20e8fe3fe5c45b02bf53b0e9
SHA256

a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e
SHA512

76deab6f7232cd59221840a88280772b30f2732a7d11874cbfcc31689e0e4cc0c8a7fe0a757eb6822344df86ebe99b44281f6a530edf9d227548a11897c5689e
SSDEEP

768:W7BlpppARFbhjbhQYjYY4F2j3TK54F2j3TK/:W7ZppApB1W5W/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.log.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe

C:\Users\Admin\AppData\Local\Temp\a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe
"C:\Users\Admin\AppData\Local\Temp\a4d19fac7137ee3597c2b6a1ffc236bd9a14ce10319f8b26f76ecacfebc8885e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
37KB

MD5
644272cadaf80a7345cb80e9f8de1816

SHA1
55e378d49b93e525fc441f1748148f154b92587a

SHA256
631c69de2875ef330f5d4ce0c6751f20b03602a333f159eb9400a5ded0fe8bf2

SHA512
387570e7932a97364bbab273b41c2ea50ce39f7719bc4ed86d356952094d417f300fbbdc2c676dc1435235e3f043da2ccb95d9824aeea32b204f4d84ff6b76b2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
4450e043e6a505460919e416887b6d50

SHA1
84ad79faaa36f6d7f125ae2ea6e1dc05138bad5a

SHA256
75c0b104b9580acf00192052c0a02ce271a41d86224a40ab9a70489e824439b5

SHA512
fe88148eca7c93b35364edafb12084427ee49cfe1d2c818664eb8fd7e187d5502dea91fd7f447df26bed118805fa380da95c37631f5a02057fcffab90ebfc4d7

Download Submit