ce88bb9d0eeb97c930ae5e3c541b5e4e96f3a1b90f74cdd2e92e29770cfc499d

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

682b9d802e02c67014f68c7ad6c05950N.exe
Size

42KB
MD5

682b9d802e02c67014f68c7ad6c05950
SHA1

ab4f98c7e5f37773b38c56962ffd60ae81002d74
SHA256

ce88bb9d0eeb97c930ae5e3c541b5e4e96f3a1b90f74cdd2e92e29770cfc499d
SHA512

d76f4ee94d33f9082b3ed7a3f6e381491ca399c3bf423816931d0a96551d329e587e63431b243fd6a56afb9bec7bda653392653ca92034d1ea10a9ad2f96e002
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGwTCus7sczBEQgQg:W7BlpppARFbhbt7Y7wTCnBE3X

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	682b9d802e02c67014f68c7ad6c05950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	682b9d802e02c67014f68c7ad6c05950N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	682b9d802e02c67014f68c7ad6c05950N.exe

C:\Users\Admin\AppData\Local\Temp\682b9d802e02c67014f68c7ad6c05950N.exe
"C:\Users\Admin\AppData\Local\Temp\682b9d802e02c67014f68c7ad6c05950N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
42KB

MD5
7599d2bd27a20cf63d89830ad5fa15c3

SHA1
a22ea929937f15f747683a3440b59d2fd8734ad7

SHA256
e70ea5ece66f15138003ccd1489f58354b1598bce722405d0eee58908345c552

SHA512
bbfb667f4b1dcaba6dd2ac5a0f3f19f7629d590483aa87389ce526dfb9f1e77914262bbe1b98ed3b157fa922e8ccc094532c2cda7088c83131c296120ec03950

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
b830d494f184a81be715a43b8b1c0329

SHA1
a6b80b247401c58cdcb953d8ad0cb1ee489c362a

SHA256
8eb22486084c54767373fb15e5d33cddba7ef82365a5e097c446239e71ae151f

SHA512
1e2201aca0095c962fedb06a51d75a6d10f7f693ce661f8fa7e3ba2fec6ec5d4a91edef53ad59af9aface9dd8a16950b9a4484448446e9f6d2da3fbf5faa228f

Download Submit