a097dd40c7eb68db26315413e0c5c86977489afc77b92ebeb66452137418628e

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

997a54ef3b0699a5fb43aba0925f1d70N.exe
Size

40KB
MD5

997a54ef3b0699a5fb43aba0925f1d70
SHA1

72eb1bded41be78364fa347027fa31580e4e5f3f
SHA256

a097dd40c7eb68db26315413e0c5c86977489afc77b92ebeb66452137418628e
SHA512

7f79250925c87b1702bd237cb465c28ef472d4384c4c55dc8bb2b2f4d58cf83eed93ecb0163f955fc28bd4203a367116397787620e1390cfad35d9e0f0125ea8
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHBDPeLS9I/sExeLS9II:yBs7Br5xjL8AgA71Fbhv3UnUN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2160) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	997a54ef3b0699a5fb43aba0925f1d70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	997a54ef3b0699a5fb43aba0925f1d70N.exe

C:\Users\Admin\AppData\Local\Temp\997a54ef3b0699a5fb43aba0925f1d70N.exe
"C:\Users\Admin\AppData\Local\Temp\997a54ef3b0699a5fb43aba0925f1d70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
41KB

MD5
69fc15782c20d29eea8683b1fb62f2f0

SHA1
1e135260fccd435e8c7ead60904fb2b4011c4ba8

SHA256
d88956ba5d67eab75209764caac61be6d43654532a987cc92f78236ec210fa8b

SHA512
0ff0a260cffd750f5107f2490897e774d422810585c9dea28dcb9134b31ac8164a5301f72f856c4060f475b3fb33b0fb6886ff20408b86f508e21f5928621ec6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
ab63d4bc18d7c649e33063d0235304b9

SHA1
3a43b8249a337e83e89c23699cef7c47654bba92

SHA256
8f5195a8bee21559a887475f5160de06438bd1118cd305b7409373b7c615f22d

SHA512
085cef58bc4e0a67780b76f83aafdffeeb64af50974adc19ed66d0458dffc91e41d04f51b97a1260838e2e04d33ba2fe1b779b5f43b825046c8048360fee09c8

Download Submit
memory/2980-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2980-124-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download