c448d0b927837fa95a33aced941a00d32cbff6cf94fc630ff77520fd26d1b99f

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

014aca964cb761998a4b96eb2747eef0N.exe
Size

50KB
MD5

014aca964cb761998a4b96eb2747eef0
SHA1

988d5722db17f35deee5e3e5f55c38b8b2ab3c86
SHA256

c448d0b927837fa95a33aced941a00d32cbff6cf94fc630ff77520fd26d1b99f
SHA512

c8994d3bd758a6ac6834ac389d8659767676d7fc72acf70305862745d0614a0a64a47566a22bd9d7bf8632317e625506ac976dd95c19e15a6a1db40ab67f353f
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNKVkVyicv1Hicv1bCYCcgqebNXgqebNw:W7BlpppARFbhFAyichicRPhgqeBgqe6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1395) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\desktop.ini.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	014aca964cb761998a4b96eb2747eef0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	014aca964cb761998a4b96eb2747eef0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	014aca964cb761998a4b96eb2747eef0N.exe

C:\Users\Admin\AppData\Local\Temp\014aca964cb761998a4b96eb2747eef0N.exe
"C:\Users\Admin\AppData\Local\Temp\014aca964cb761998a4b96eb2747eef0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
50KB

MD5
6ad0572b5ea6a27ab9cb6cbcab3534bb

SHA1
b04f42ac7bbdb2ae142d420b71027e0801935554

SHA256
c231b0de8eb818934d1be52301fb316539f7d54b863819545e4a39223611127d

SHA512
195041f9f3c42df7a3432f73f0a5026537645d2dfa7cc2bf587f241ca1f2a1e3ab4e78f66276f822d837f571bc00a90583fba1b3a86007ba3c53506a60225c7b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
7f7f319556857b1c2b6baae0c594f579

SHA1
6eed305c358fb27b7f8f8dd6c824bd00e64df5a6

SHA256
65ebca679ed006c71db777f0c72743a0f5dce2f6e862b19f954dac409c12937b

SHA512
d322287702297171bb73e9308f2c73fa6a43846cf4b565ef9a27fef36ffac02b17932764474248fd3a44b5aabb6615a42c55bf21f96452682ac27c2feeffef09

Download Submit