b6bed7e8dced1374399cf4ffc14729fac4ea2fafa536e683335fab2e9d5ab273

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8237abddc56c9e81680c1466e3c7fc00N.exe
Size

47KB
MD5

8237abddc56c9e81680c1466e3c7fc00
SHA1

f416b598554e2011a7e89c33f05dded27136b105
SHA256

b6bed7e8dced1374399cf4ffc14729fac4ea2fafa536e683335fab2e9d5ab273
SHA512

0be3bb45f252eafda6706ad85223e323c31051111e56ad4586c7f6aec8c8aa200a0d2b4aca65d7cde60043bd4f21bafda42a6193b389f966fc7622f5381a6686
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNKVkVYlIAItCJzyKbNzzyKbNlpsg:W7BlpppARFbhFAxCJWK9WK79

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3089) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	8237abddc56c9e81680c1466e3c7fc00N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8237abddc56c9e81680c1466e3c7fc00N.exe

C:\Users\Admin\AppData\Local\Temp\8237abddc56c9e81680c1466e3c7fc00N.exe
"C:\Users\Admin\AppData\Local\Temp\8237abddc56c9e81680c1466e3c7fc00N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
47KB

MD5
6c5a2a2b7d642172e8cb77f8e50bbfd8

SHA1
890b03b29e98019d4142f6810947cd9b1c5debb5

SHA256
e42957005c06b670c38ee5c809732f09a6d0b87d1137cd9a24893891e9b45d3b

SHA512
0a806d89e593e2b0c58d7bb21484c1a9591059f248d92bd118c9b6e7d7b0db7be7ef813bb12cccd15d90d83399a7e98bd10c7273f3928b7dfaf3bde4946ae296

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
9dc979a07175c5aef91564c6f855c19b

SHA1
b3be9d276657e39418bde4f4452623e14bc361a7

SHA256
97929344fa2c5612dd1be3c693e0d3b0fb83c58a506a821023d8159a029178c1

SHA512
75a4faddd92a1224f7b1b63dd01e760174175b04ef80b649b844539513cd3219976fcce33561b6f99ce7a99044e4a5b1aca8a71ae95eaf11e7d70bc27984e829

Download Submit