7c511f6c1e6c36c3caedbf48e3a2dd34c2baf214e3c7ed7bde1b0ecac08f57b9

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 22:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

14c94c16b8b0ebc21afa9b8005e590a0N.exe
Size

35KB
MD5

14c94c16b8b0ebc21afa9b8005e590a0
SHA1

da472bebb0a1036724c0b26fd6601591219d2233
SHA256

7c511f6c1e6c36c3caedbf48e3a2dd34c2baf214e3c7ed7bde1b0ecac08f57b9
SHA512

a355886e28e5f4648e281addfab44ce64027d42f482af2bc7dfdb082995926a52f7b181d04374284d0dfd965dc272ba8ac117c26dadb6f08f4d79d43f387b2e5
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBpR42L5FgAytBpdjk:W7BlpppARFbhjbhg42LcfpR42Lcfpdjk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3418) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	14c94c16b8b0ebc21afa9b8005e590a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14c94c16b8b0ebc21afa9b8005e590a0N.exe

C:\Users\Admin\AppData\Local\Temp\14c94c16b8b0ebc21afa9b8005e590a0N.exe
"C:\Users\Admin\AppData\Local\Temp\14c94c16b8b0ebc21afa9b8005e590a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
36KB

MD5
37a1b6cb37bf778b78b9258faf1b169f

SHA1
531dcf7337435f33fd1b7331cc06f437058fef22

SHA256
d343f0aefecc9e250697800e4254125e32dca81ec5ce77fc452eeed504c47db4

SHA512
7bc381a1ba87eea5400e4bba75848b8c778f19029425fe7fac1786bf74cfff48712b99640a8423765aa5f87ac083bb6c7e72e307446d731885b6957049481fa6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
f5cd00073294be14f0445117b3494b5d

SHA1
ea1fb086debaa0d5678cca8a5438a9f212977d91

SHA256
8359b309256870ab11d2bdb9fc23baea43977a5cd3d0da222270dbea1daabc2d

SHA512
6e1edd49dceb88bba64af6d9bd887e6ec2db44b083dc6c16c59196a07489607f4c0d88abde045eec02bdc480dfd962527eaf4a97562f87b7160e5e905b146f05

Download Submit