557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 21:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
Size

42KB
MD5

901ba65142de2d317b269c24f483876b
SHA1

6fc83a81df2e074664992f319fe87718e69519c5
SHA256

557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679
SHA512

c8c7adb1711fa769a0d32e97a05ad05459938867d17576496026f55c7f2f7373b48b54d3f6b229fbca2a96d219f2d19447d7231e406f6350a10efe1701a0c358
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFew/DbAGw/DbA/:W7ZppApBULcfpHLcfpyDoA/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1024) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\CloseRename.mid.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe

C:\Users\Admin\AppData\Local\Temp\557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe
"C:\Users\Admin\AppData\Local\Temp\557dba4249940b4fcaa06423bad8c9464c80730d87294af3afcf2c3f2c88b679.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
43KB

MD5
360743cf34714861a8e284033b7e9aaa

SHA1
e950f4dc5370b012651e19ba200dc583533b9dc8

SHA256
9bbe09c9bd65829f0447d90173dfa8ae825f3791c50bcd82b50bf9329e1cd3a3

SHA512
94aa8d8cb2f2b9afbde2d3bc11727e7065346ac074968ea730f8a43ac5bdcae6f5bc55e587877748717bdc6d4d8b14fa1d770f1898c2e7ecaa87aa99027197c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
e847e3b19918819f005bf77d39b0123b

SHA1
b2fe71c05facdf651be3eacbde18d788c3f7be5d

SHA256
ae4a4ecbedecd9ab1006acff8f256915b769ab4443b2283b079d13f30aaa2eed

SHA512
f1d608b162a09dc592332fa97a76b79d1b3a218800949c87b6e2c8b929a6c5c4ad74beb5b15095338c7533c74da8659975550f393a9cccaa3ba47c59c5c6ed81

Download Submit