988a2c88ad1c5bd07dab66562857772d874b9feca9631efe46c0ba7b1b12876b

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46e1ec899f5a0282b1a89306dda15210N.exe
Size

46KB
MD5

46e1ec899f5a0282b1a89306dda15210
SHA1

2c6ed268b5eb7c88c5f4d944c195cf755e10e9c1
SHA256

988a2c88ad1c5bd07dab66562857772d874b9feca9631efe46c0ba7b1b12876b
SHA512

02abb62c563b7de0753c09d34872e1019eac7b3b8313c8b09066586ea0422f06ae90fea7979855d055bfdf801c91876281f006f0ea00c4cf8b2ff32428d1d432
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nz:/7ZQpApmi6nz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2173) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\EditSelect.asx.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	46e1ec899f5a0282b1a89306dda15210N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	46e1ec899f5a0282b1a89306dda15210N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46e1ec899f5a0282b1a89306dda15210N.exe

C:\Users\Admin\AppData\Local\Temp\46e1ec899f5a0282b1a89306dda15210N.exe
"C:\Users\Admin\AppData\Local\Temp\46e1ec899f5a0282b1a89306dda15210N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
46KB

MD5
79ee2fa5ac1190f150598325243311aa

SHA1
380e3c1f83cae8d7384b56a381f66d59fd38fdc7

SHA256
37541294e58c9b49fd34748fb0e4909bf0e715b5b5095f4f6617644908b3c24b

SHA512
33c2b220ed0dd69a831d799cec1edfeb484aa8d2500a01595b8c227711177e96a2a8498d135e2af83fe899e713fac9cbccd7af5c31b6e261ef0e2c4c2d0c0bd6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
db947095749a98e0e8a0238fbd346a3f

SHA1
8c8542da8a31feeb58c52b4567aaf8739c45c10a

SHA256
d8e31615418db8b9587b58d825b618f281b8e2bdbe0b0dcf8d81fd0503ddf18b

SHA512
0db59ce21d0b88374a5cd9fed2793d48343aa22f10821d6b5288881ee71d46cd4a9c83eb2cc0e5029a22ed65ec8949006f6a1fa608df67a3812863e8140bf770

Download Submit
memory/1908-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1908-126-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download