1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/08/2024, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
Size

43KB
MD5

4d9e1da319c45f4bdae0d73d17dd81e9
SHA1

4a420920e88b0f346e86cebe1f73efca514ff2d6
SHA256

1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9
SHA512

86f5c627963a7e71ed1f832c110b5dd771d9a7f3775c01d422407b222cbce47b8d1c912e368f55a63045a5807f9e31c457408bc3a54dd22ea329b2bf4293935b
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLic4Qc4T7A:W7ZppApBULcfpHLcfpyDXcHcM7A

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4133) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\settings.css.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\ECHO.INF.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\RSSFeeds.css.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penkor.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe

C:\Users\Admin\AppData\Local\Temp\1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe
"C:\Users\Admin\AppData\Local\Temp\1f230c7b81edecbcdf0087c4d3cbda0029a9887c69e9a639542034eef155b8d9.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
43KB

MD5
73c7bbd86b4dfd36f8a4cbbed0ac5fb5

SHA1
22d52fae94386b80e8d1386d43480826504c21b8

SHA256
3725f827e78100517c670c01b9d6d0beb3ecd06a4d3353a563fac023059ddc52

SHA512
de155d5040711dafa443d9bf891e788d353a7fb449d3edf5d6c480420878700f302b369aa197254765d6be8645fd86e3879883d9ee66fe45d8f89e32d69a1f64

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
fc30a182909239cf0a3405e75a4a088e

SHA1
cccd52278a8fd859913998ad34bbc7bc60dd4591

SHA256
70e6e02775ffd249ba6ec0602368a3de41f6f56a0d1704426ad0e1ce88f47acd

SHA512
3f7dd349e6f3966298bd99429309db147749f9bc973fd85bd1a80f6de1551d09d292b6911075e7350fe3611294402741226de554e97a9aa6d077b499a7e08e7a

Download Submit