d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
Size

55KB
MD5

24fec01ded1263c05ff218dbe14320c8
SHA1

21c6a52b20d9144afcc605e73d9ec0c89b5ba7f5
SHA256

d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc
SHA512

1867cdd3a9c3b3194a4c0c2c1b85cd4c1a703dc9134aa0776b73af7228804e7a29d536b1e4c61514bc9be8dce1d7588a7f5ea0ea5ef2af463af2d8c5360ccc8a
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFdxyJLxNmUgbLf24LxNmUgbLf26:W7ZNLpApCZuvIYXKtNsO4tNsO6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3266) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe

C:\Users\Admin\AppData\Local\Temp\d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe
"C:\Users\Admin\AppData\Local\Temp\d534aa91ca5809c844c7e71905c2f7a7d9b59206931323c74bf6d6e76e1d62dc.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
56KB

MD5
aafd329efd8425935d07bdb01fdca26d

SHA1
afe21709624aac2fe8ec477c9d6e22f11edff9cd

SHA256
0b191a893d8096703234031555c828b8b00e72d94752a316735993284d8f8a6d

SHA512
6e1776d721b8c7b623133790c21e442beea61f55133d9c4b484871aa48e3119873c0594c1ee957489c2f4838c60a477ba37f8543490ba29f8e183896c1cd6f13

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
0eb02bd91464877ad5dcd3e919b9d4e0

SHA1
2cf9b63fb9e8db36c41da41606d8ea11a5ab8bb8

SHA256
44f06d20645cd3efc7dc4c2700932672e771cc318e2814b710168b4fd11e380d

SHA512
ad0dccb19e368b774d628e6c33a49ca2ef3ff4e4d502210fd183241a97b8e212263e2aa2541e24eac41a08d67d7e216263266f139984fd1ff51c6e9335f41387

Download Submit