99ec45f9dc8e0aa478e909d02f21c297a99e950271006eed1ef2d69790e24f8b

Analysis

max time kernel
118s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

288285b693ab42881d95d71d04d5d9c0N.exe
Size

46KB
MD5

288285b693ab42881d95d71d04d5d9c0
SHA1

695b07b5aaeda1a20e9bc1598b97a696d4cf851d
SHA256

99ec45f9dc8e0aa478e909d02f21c297a99e950271006eed1ef2d69790e24f8b
SHA512

4c7b741ebcccf9ac0c92c80ac979785e69c0b1a2195258a63cfa41090a187f181d918d3fbf6ff16a8e20856a46034abedc69ae205876a1d8f937a99716d155eb
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvgqHqMjL4jLS/3MMf/3MMy0U0exOewcrxOewcP:W7Blp2sspARFbh5YSfffyn7xJwexJwq

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2811) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	288285b693ab42881d95d71d04d5d9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	288285b693ab42881d95d71d04d5d9c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	288285b693ab42881d95d71d04d5d9c0N.exe

C:\Users\Admin\AppData\Local\Temp\288285b693ab42881d95d71d04d5d9c0N.exe
"C:\Users\Admin\AppData\Local\Temp\288285b693ab42881d95d71d04d5d9c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
46KB

MD5
96d7f4562d0d294c7a6b2a4d7f23b950

SHA1
107f91ae022fe9a2cd3fa317b2dc160d0f405aba

SHA256
214cc832e2abdaf687256a294d468b1075c3e0ca32c35d68150edc482beb5110

SHA512
c7c12c6747faf02665145c4a6a9f1071efe07b9b19513df59714bfbb94cd8c4371b4e962685856672db502e19640dc1f17f67e0130bed3bfde0f367659824fc4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
2341a6565a9529be00aaf894388a4696

SHA1
801bac49f3ed018a0d10cc992ab51617acf09bae

SHA256
17ada256ef911312da941ec5f79d2a60811e19d2794926707ea7453e1b2e3a68

SHA512
a8ce00ec76cd5e5629671fca549ff93b7ea8fb65ca9f2983251bb8a55a337f38d403701fab9c6701a3919d0b9e296b9c83d5656b3c1aca187016b02e8657a92f

Download Submit