a455e30fac4b7c035b5c8573e6790b8aa52373bf3dd9dd8bbf8ad080ba6f6735

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0782ca9cd4f0c64bb76c603c9db10ed0N.exe
Size

45KB
MD5

0782ca9cd4f0c64bb76c603c9db10ed0
SHA1

80387ee939e23cd7e121b884651833077ced6c9f
SHA256

a455e30fac4b7c035b5c8573e6790b8aa52373bf3dd9dd8bbf8ad080ba6f6735
SHA512

5a509548339d5995e21ce6a440f6d61bd2cc699e1a4942b385aef1e1a3c95e57863e2b1ff7b335740a87e65f93e01b3e9a7849e1c0e268d33485ef4f3fe4a6a4
SSDEEP

384:yBs7Br5xjL8AgA71FbhvlcLclzwzKR5hrM1z4R5hrM1zs:/7BlpQpARFbh6g1IKR5hrxR5hrd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2856) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\BackupNew.vsx.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	0782ca9cd4f0c64bb76c603c9db10ed0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0782ca9cd4f0c64bb76c603c9db10ed0N.exe

C:\Users\Admin\AppData\Local\Temp\0782ca9cd4f0c64bb76c603c9db10ed0N.exe
"C:\Users\Admin\AppData\Local\Temp\0782ca9cd4f0c64bb76c603c9db10ed0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
45KB

MD5
7cd0d241bd6e5f7930b5b4926243bde3

SHA1
705611eff3ee5cb1dc94483276d4b64e8609653d

SHA256
fcf407c3b8b5846c87b335333e8b99e680cbcbc865116465c72c27751b43e897

SHA512
752531cde1d2d23a6085f3da2ce0bc59b8463091ab342a5b55e36be726bcc8def2b8f641643be09ee7dfc91c312fb7bd6b0a7854e31cd3b55123f23e20e86972

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
c0600d7af2427b19a0960dd1d483f49e

SHA1
a05af7dc1ab61abe5de72765982769937a3219f1

SHA256
18d91f23ddfbef5d4ca2eb713916f03528152e42276a57605000dab201dba917

SHA512
8227b5cffa14db2cb48139f89444d6cb2cb18c3177f35cbc9c855a9ea0e4a8fa149398c432a28d4eaa37e395b46a94ca30d4689e36c7b82992e506f35e6b0801

Download Submit
memory/2676-3-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download