8258440aca5b4f6ce780cf6ba0a525f483a1b50c25a7179c8837a2433734ec99

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82e993225f94b73cd67afb12b372e5a0N.exe
Size

81KB
MD5

82e993225f94b73cd67afb12b372e5a0
SHA1

8eb068a286da6299a8ca3dd7091f439006098268
SHA256

8258440aca5b4f6ce780cf6ba0a525f483a1b50c25a7179c8837a2433734ec99
SHA512

6d53d09d0da7782f2631c6590da6b0a00899fbc4d2924bc1bc8268579e5092128ee307bfc4f33c2d68cc7e450114fa3aa75d4dc43b23ae1a5d8d687035a9fd1c
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJeFrxFrZY0Ql:9QWpze+eJfFpsJOfFpsJ0rDra

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	82e993225f94b73cd67afb12b372e5a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	82e993225f94b73cd67afb12b372e5a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82e993225f94b73cd67afb12b372e5a0N.exe

C:\Users\Admin\AppData\Local\Temp\82e993225f94b73cd67afb12b372e5a0N.exe
"C:\Users\Admin\AppData\Local\Temp\82e993225f94b73cd67afb12b372e5a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
82KB

MD5
43254df5fbbbaf28c1f7fc4e8454b9bc

SHA1
451beeeac5bba94a379889e54ec1a75794e61dd8

SHA256
87d6ca20503ac61f38f03bf9243cce400baa25327adcd0b0cfac62b76090307b

SHA512
6e1d4ddb1216c8258c88ded307271578b430a49cd8dd988c5281dabda2267d63ff6fb3ae021946c98a181dab80428c79ba5953f69b1004488787086fefc91ac2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
d0dbe982c6aecbfe353fe99300444728

SHA1
d5c8aa2803b44de60142916da14a328a3ba74cec

SHA256
a6bc50fb249f01e39c99f6cfa64db7c8cdb9c3da2d2360914f125212cf33f9ba

SHA512
79d2ccee8dd7ff9f6f30f9a980e5203b8c3fdb122c038a138c2a938af5f3605184fd3e2f93b58293a71de44ed58795725f5c5566f75f618ed69d683914a2c066

Download Submit
memory/2360-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2360-160-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download