2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
Size

82KB
MD5

263e5d8f0848ea1bd67be4b404964f28
SHA1

815b8dc9882c8f5ed1c5bc6efa34a6309ff2892b
SHA256

2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1
SHA512

c7b4190116af4ad57bc620cf5317118cd03b56eb254d71c3e8a42724d2a717d018c616da67effacbb422fd641a816ab8d339787159334e2c3e075b6d5207b02a
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhx:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1356) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\HideNew.htm.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe

C:\Users\Admin\AppData\Local\Temp\2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe
"C:\Users\Admin\AppData\Local\Temp\2647230755e024688461d9356b48675c13784ef059fe79e53cfb82b7e19b94d1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
83KB

MD5
019b14858b12a65002f85a3c94819db5

SHA1
fdd31cbe1c58073fa4e1049dd0b46a86e36448f2

SHA256
9112e8dc39f056e9472c4dd896385759b393676384ae264ac89b30e13d6105fe

SHA512
4a406545ffc7ca51020e63cf2085f07a8ac0d7bd048a555a9ee6440c388c1d34a3e73fa322691fcb9ca86b38c018023f46142679ad6cb5fdfef77eb344646530

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
b55120597f0f8129193e9c582f7a5375

SHA1
6c2136aed464c44615f0cc018f48cb5e466b4be9

SHA256
e0a3d071d6a4a9d30286d0858901875237efb46663db57ce0d5ab7279d2d48bf

SHA512
6c60e4f20968b64094a047894d414760eb227678d9fd1a5188081e3aa65301911005aab0d76607534b07790562bc9e28c11e81cb54f310aac424d30d7eb85fc7

Download Submit