40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/08/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
Size

41KB
MD5

de1d6540340d73ca3dd2cdf5c5da87bd
SHA1

072dee09e547d761f4212ac615dc6c847e79926b
SHA256

40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb
SHA512

7a6ef530e1d2d335e887ea0c1e8baab4c933c78a69de58ba1f7508a1ebd9168f70a58bc7791628083581edf7f73d8d49d065ad4539207e4d6e222a2ab266846d
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBpR42L5FgAytBpy6Hc6HzK:W7BlpppARFbhjbhg42LcfpR42LcfpybH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3840) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\micaut.dll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchui.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe

C:\Users\Admin\AppData\Local\Temp\40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe
"C:\Users\Admin\AppData\Local\Temp\40fed519c1a8f266a3b247ac0a4bd77b75e7dc3571e7337a21825962b2976ceb.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
41KB

MD5
611297a6a5ed3bf2737706256b478b26

SHA1
202e03e523668f843d6c27aa29e7b36ffb307135

SHA256
70f0ae665a3a1a8f300c1a53e6028d2e3f0c2e85aca509252a8546b4b80b1f89

SHA512
0bf99c430f433f20ff335be94ad041c058318ce82bf2f73ac851e43c7437b8248b223e42042315c6f14068aa876c8c888dcca51c2254324cf49b759a2fc61857

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
b85466f8148206cae6aaf8c7b24af3c1

SHA1
8e85a53b5c2ff1888c0978e90dcb9c2d05758e19

SHA256
2885a1ec3e86e235863a65e4895aee8d8dc3938caab7ae72e80a166350bb70e6

SHA512
af1453463b5fc1352a1a2101ab5eb641e7158072fc6fbe5a737b5734df80b1e6c9d6c3cadda868a21839d23a7954d8d16c9359e0674b133f2c43f76939fe9d62

Download Submit