8776b97a486543584a6a4008e43fa31da3dfef867ac15b35ea5108f07ec133d0

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02d29a089d89f9a1a0d3a63aa261d400N.exe
Size

106KB
MD5

02d29a089d89f9a1a0d3a63aa261d400
SHA1

e00d36052dff1a64073227f78bbe3090b467dc18
SHA256

8776b97a486543584a6a4008e43fa31da3dfef867ac15b35ea5108f07ec133d0
SHA512

a753cb5b8352bed1a8b01976f3cab47470d8524bd09cda8478e8360871ed3b16c049b2167602adc1465540229e79cb7111676e0aa94dfae0bba83508d2645c86
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7fHegeK:RqKvb0CYJ973e+eKZOf7fHP3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	02d29a089d89f9a1a0d3a63aa261d400N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	02d29a089d89f9a1a0d3a63aa261d400N.exe

C:\Users\Admin\AppData\Local\Temp\02d29a089d89f9a1a0d3a63aa261d400N.exe
"C:\Users\Admin\AppData\Local\Temp\02d29a089d89f9a1a0d3a63aa261d400N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
107KB

MD5
0e3670bd92c91d2418522de2ecc51ce0

SHA1
0b87d3595f45ea0463269831c9598496797ce611

SHA256
59560c5eec08ff199062a0811ed935cc9b6455db8297d40f72df4948c00d91e4

SHA512
87096b557f7accea3c6682f99b7077b66052e52e1373119e16bd8a4a90237d8d03ca5cdeb9ca18e3d1d2c61fac5affcb1db9c4323bbd345f23e885dee6c28490

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
6242b4127aa326714ac3a1fc4949e2f4

SHA1
f32c7cabf64a2052759654a41d959248b1934f4e

SHA256
2cb6bed9bc93c4cb4dfbb526a6d254dd7a4bfbd85f1bd3cc88242041be944394

SHA512
973e18caac39d4ba4b56145b4844056e94032aad783072636d0ec3538b74ada712f7d0ffb4b8c8edbad139e9b564991deff3eb31b9b90c981b1a95860aee927a

Download Submit