b71034ea84ade2a995b6e61243f985b7ff5c46840c62179902e4ecae133aa2f4

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a97420d70ab27949e25d3c48f74d700N.exe
Size

104KB
MD5

8a97420d70ab27949e25d3c48f74d700
SHA1

53f5c19b1f62d54615c2ffb5f81238377db8e1cb
SHA256

b71034ea84ade2a995b6e61243f985b7ff5c46840c62179902e4ecae133aa2f4
SHA512

d401893f0907d51f59c95dcd2b89e19aaa4eef62d3b827104e0dffc7eb690f8f9c1d4510ce097df1e80a6e2eb6024f0dc21d6177585c28a32bb3fd84d12dc689
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7fGimiR:RqKvb0CYJ973e+eKZOf7fGHy

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3165) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	8a97420d70ab27949e25d3c48f74d700N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	8a97420d70ab27949e25d3c48f74d700N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8a97420d70ab27949e25d3c48f74d700N.exe

C:\Users\Admin\AppData\Local\Temp\8a97420d70ab27949e25d3c48f74d700N.exe
"C:\Users\Admin\AppData\Local\Temp\8a97420d70ab27949e25d3c48f74d700N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
104KB

MD5
cf22437ed81d6a15e42d75f2d1b31028

SHA1
39b56cbe74d4b6714389aca6068b152775cc51cd

SHA256
cb76930ccdc3e9011b4f042ec7aca0f551a2286d8dce28bf0494489447d02188

SHA512
f593e24f23a75327735cb400f3e7c11666370a9761278498b22c9e9d73cea65ce7f8af6701ca9e744a9680251b93a35de1374bb394dde3d2c5c0eec31a8d21bb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
11663bc0583b8a33ca6629db822c108f

SHA1
f3e8ddfc740e1f052091d3076717e18d4f9900dc

SHA256
11e0c6de7ef458ef732c8a684b28a51a54a84888038aea17e3360229885fc39d

SHA512
07f7bb5c87aeec7f67b2f0feee2263aad2889aacdd7bb6997fe22f12dcc99695073148dfa359f398796c5f845ac91e5457dab8ebba18bc7bd6313f16efd729d2

Download Submit