c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 04:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
Size

34KB
MD5

09ff0b488a5982f67b61e99b7bcdf71d
SHA1

84bd9e5c37f4b5e5daedcbe578a78853182cca4b
SHA256

c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088
SHA512

27a0d00f467f14d62cee95f24cf89a44a4a2e5cdf7ed7b72752d053c841c3be095044cdb7aeab0c3de73466318acc14c745a6c7ed47627db22297540742718df
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHhpqOkPk9:yBs7Br5xjL8AgA71FbhvsGs9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1345) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe

C:\Users\Admin\AppData\Local\Temp\c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe
"C:\Users\Admin\AppData\Local\Temp\c0180213f903900b0f7bdbd417f599fc1cd924f4502152ef3e340e329fb28088.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
34KB

MD5
537dca90e949205115156bbf8256f526

SHA1
2e77608ab12226215c4437ae88e766dc855a576f

SHA256
bc5e8eada75969942bca8b91f35a84409c343f5f4cc46fdb58e266c96c6d2c30

SHA512
1a12d09d90a4f07e9bc066b39894819704b6b0cf5f6891a9273b654867654a894bf5db6167e75d9dc0c6e41ff71a62c4197e6e88e988fedf91aa2774c5471f42

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
43KB

MD5
e3a37512d8c63b70b11c774fccce7c31

SHA1
15a98f0b1f97f3909e4fa2418182c1af555e04f1

SHA256
5e1f88b2621207849a8d7c1106b819dfddf6645f480952661829f60e2f9bb17c

SHA512
4560530383280b884400b9f55db8441f22e1b1c8db9b3623b14ffa12ab45b7fcc4930df29c02292ae272511dcddc4c43db9b8fd1681bdb2eb299312392a5ccf7

Download Submit
memory/2564-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2564-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download