5cfb439b8041a4e2df9c4fd667246a0a74f54d5efc925064f09c16c335888685

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
Size

52KB
MD5

30c6ed25a6f92aecd6dc2bac0c8bc4d0
SHA1

2eac7f5d2afd04298e2daa95d97aa7b97e041ac6
SHA256

5cfb439b8041a4e2df9c4fd667246a0a74f54d5efc925064f09c16c335888685
SHA512

8a0c560e19573c6e51b40b0408a6eab241bc2e7a499eac18b9593b2bea05eb3f0ab521caebe7d1f202c3b128cd0e526aed30a87a6fa25316c8a3fb72912aac9a
SSDEEP

384:GBt7Br5xjL9A7AgA71FbhvcOa5elAa5eluC5c5pYKYm:W7BlphA7pARFbh8QbC5c5p5j

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (939) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe

C:\Users\Admin\AppData\Local\Temp\30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe
"C:\Users\Admin\AppData\Local\Temp\30c6ed25a6f92aecd6dc2bac0c8bc4d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
52KB

MD5
8bd13db768ee4fc73ac9c29bfba2fc11

SHA1
1bab7bc1c960b52f036e6f2d367bfb636c5d8463

SHA256
dc924853bbdec31ea649dc9f139b872d8768eee33a58682ffc290fd910eb132f

SHA512
79fb44d4c110119a38d1fd8ba85264c250747f04a7ebdd9c690e59d42b4f0a65efc0a45235b56662861abab76304f8b62d46eb2ad273036ba3f0be2ec235692f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
e1e4e832b6b9a466b0b6b9a4eca5324b

SHA1
6137c40789a67cffdcb4344cfc8013347c752d01

SHA256
5dc73177434a8f4358c94d7a21577b03271b8df7da4d584778156cacbf9cdd21

SHA512
df189724aed520902ee660f80d0eb7125f91954b92f1f00199434057b03648099004f0710de3d6ed05d1daee59fe4da710c60af412ca1cda0cba672eb9b3c8c6

Download Submit