0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
Size

60KB
MD5

ec98139b86b3cc47351f06647a3c0c2a
SHA1

0cfd225e43d091de141b66375cb4f547b107af42
SHA256

0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a
SHA512

606038429128e3e3eea8aef5291bdf09c277a423209c6f87f56760fa9dd905e634750df7132f205041f9aa08cfb401eef4b2af0fccaadfcc203e25b870efcd51
SSDEEP

768:p7BlphA7dASbS+m0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM97:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8p

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (780) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\InvokeCopy.dwfx.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe

C:\Users\Admin\AppData\Local\Temp\0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe
"C:\Users\Admin\AppData\Local\Temp\0722efb5c3aa49959d9a8ff67b8f2a4f261651e12c8f4eb9858cd25a398e566a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
61KB

MD5
d71519f0907d1a36da8aea0a27a9d10e

SHA1
ac280710d9f57c960b760d040588a11fc22c3911

SHA256
26c9864fad508e657b715249ac10951422136f766088c4770fc572ff08c20073

SHA512
b4b4d1693d209c7373dfbfcffd4800c8d49a88b423446d4c6734524b7c8a8902681b274519e0c1350ac1b3e503f4ab15a47798b03ffa4903f59108e015321eda

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
70KB

MD5
77277c6df3c5e2299db5f3557f2007ed

SHA1
980dc10da3c1b96a6f939f247d5b9ca8faf175bc

SHA256
4711876345c29d3cf8e6d5b6d362f3a181718661221a0402ae2f8e160f878a07

SHA512
82cebb97b910ec45b9ea33bdd2d7b3adb987188a0d4dd968834a4779460b67251600816bb7a7aefe6b03a1ae504405092e1f618dfdb55398bf47f7477897c5d7

Download Submit