Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system -
submitted
05-08-2024 21:31
Static task
static1
Behavioral task
behavioral1
Sample
0c3231f48eb034bc4aeede64d8c4d6d0N.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
0c3231f48eb034bc4aeede64d8c4d6d0N.exe
Resource
win10v2004-20240802-en
General
-
Target
0c3231f48eb034bc4aeede64d8c4d6d0N.exe
-
Size
53KB
-
MD5
0c3231f48eb034bc4aeede64d8c4d6d0
-
SHA1
cfc17d9eabca136f3b24cfd7a5aaa2fe5b347037
-
SHA256
e9350d4a40a5945b1808ff769ec3962946d664d56d7ca237f9090de454ec9edb
-
SHA512
8fb39f3bfb8117932d8d590deda2c95fea85a43a66ff7dffa009e5bd39060efd6f91a11fc1e5a391c71bea6864f60a25992beedbe426dc2d96fb7b90320ebb95
-
SSDEEP
384:GBt7Br5xjL9A7AgA71Fbhvyu7uGYSinVtYSinVwb1W3WxV:W7BlphA7pARFbhpYSiHYSi+V
Malware Config
Signatures
-
Renames multiple (3339) files with added filename extension
This is consistent with ransomware activity: the sample touches files across the system and writes each one back under its original name with an extra extension appended.
-
Drops file in Program Files directory 64 IoCs
description: File created
Process: 0c3231f48eb034bc4aeede64d8c4d6d0N.exe (all 64 IoCs; each ioc is an existing file name with .tmp appended)
ioc:
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp
C:\Program Files\Java\jre7\lib\zi\MST.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp
C:\Program Files\7-Zip\Lang\th.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp
C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp
C:\Program Files\Java\jre7\lib\jfr.jar.tmp
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp
C:\Program Files\7-Zip\Lang\ne.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp
C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp
C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp
C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp
C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp
C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp
C:\Program Files\Java\jre7\bin\zip.dll.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp
C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp
C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 0c3231f48eb034bc4aeede64d8c4d6d0N.exe
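The two behavioural signatures above (bulk creation of `<original>.tmp` files under Program Files, and a read of the HKLM\SYSTEM\...\Control\NLS\Language key) are the kind of thing a detection engineer turns into rules over endpoint telemetry. The following Python is an added example, not part of the sandbox report or of the sample: it parses constructed event lines written in the report's "description ioc Process" shape and flags both behaviours. The event format, the process names (evil.exe, installer.exe) and the cut-off of 10 files are assumptions made for the illustration.

```python
import re
from collections import Counter

# Assumed event-line shape, modelled on the report's signature rows:
# "<description> <ioc> <process>". The process name is taken as the last
# whitespace-free token so that IoC paths containing spaces still parse.
EVENT_RE = re.compile(
    r"^(File created|File opened for modification|Key opened)\s+(.+?)\s+(\S+)$"
)

# Tail of the registry key the report shows being opened:
# ...\Control\NLS\Language (case-insensitive, any ControlSet number).
LANG_KEY_RE = re.compile(r"\\control\\nls\\language$", re.IGNORECASE)

# Constructed sample events; not real sandbox output. The ".tmp" paths
# mirror the pattern in the report, the process names are made up.
SAMPLE_EVENTS = [
    "File created C:\\Program Files\\7-Zip\\Lang\\th.txt.tmp evil.exe",
    "File created C:\\Program Files\\7-Zip\\Lang\\ne.txt.tmp evil.exe",
    "File created C:\\Program Files\\Java\\jre7\\lib\\jfr.jar.tmp evil.exe",
    "File created C:\\Program Files\\Java\\jre7\\lib\\zi\\MST.tmp evil.exe",
    "File created C:\\Program Files\\VideoLAN\\VLC\\plugins\\codec\\libtextst_plugin.dll.tmp evil.exe",
    "File created C:\\Program Files\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.dll.tmp evil.exe",
    "File created C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll.tmp evil.exe",
    "File created C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Vignette\\whiteband.png.tmp evil.exe",
    "File created C:\\Program Files\\Microsoft Games\\Hearts\\HeartsMCE.png.tmp evil.exe",
    "File created C:\\Program Files\\Java\\jdk1.7.0_80\\bin\\jli.dll.tmp evil.exe",
    "Key opened \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language evil.exe",
    # A legitimate installer writing one temp file must not trip the rule.
    "File created C:\\Program Files\\Vendor\\setup.log.tmp installer.exe",
    "File created C:\\Program Files\\Vendor\\app.exe installer.exe",
    "Key opened \\REGISTRY\\MACHINE\\SOFTWARE\\Vendor\\App installer.exe",
]


def parse_events(lines):
    """Yield (description, ioc, process) for each line matching EVENT_RE."""
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def added_extension_counts(lines, ext=".tmp"):
    """Per process, count files created whose name is some name plus `ext`."""
    counts = Counter()
    for desc, ioc, proc in parse_events(lines):
        if desc != "File created":
            continue
        name = ioc.rsplit("\\", 1)[-1]
        if name.lower().endswith(ext) and len(name) > len(ext):
            counts[proc] += 1
    return counts


def flag_bulk_rename(lines, ext=".tmp", threshold=10):
    """Processes at or above the (assumed) threshold of appended-extension creations.

    The sandbox reports 3339 such files; 10 is an illustrative cut-off, tune it
    against what real installers and backup tools do in your environment.
    """
    return {p: n for p, n in added_extension_counts(lines, ext).items() if n >= threshold}


def language_discovery(lines):
    """Processes that opened the NLS Language key (System Language Discovery)."""
    return sorted(
        {proc for desc, ioc, proc in parse_events(lines)
         if desc == "Key opened" and LANG_KEY_RE.search(ioc)}
    )


if __name__ == "__main__":
    for proc, n in flag_bulk_rename(SAMPLE_EVENTS).items():
        print(f"{proc}: {n} files created with added .tmp extension")
    for proc in language_discovery(SAMPLE_EVENTS):
        print(f"{proc}: opened NLS Language key")
```

On its own the registry read is weak evidence (plenty of benign software checks the system language), so it is best used as a supporting signal alongside the file-creation count rather than as an alert by itself.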
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
54KB
MD5
8543b1a603284af734b6cd0d2dda8324
SHA1
74cc066e71ce65beed848f9d4a536b0b04a9be80
SHA256
1de380271d9274f35a0aa2922568e0749e10f6da152af632f439e90956d89909
SHA512
374adaf53f661f72be0ff78a7aad3201c1a91da882a23dc8ed139d18300915c3c6dbb8915606fac52a228a5c9b8238cf7aef6fd7cf9fbc0d8428b2b4db24b598
-
Filesize
62KB
MD5
9f06cf3df19ca7cd631b3f2b49176826
SHA1
7baf5d661c9bb47e6d2eefb49df1f8be0dd50e3c
SHA256
d5f41366e5cb46f4b380abbc540638bfac14e8f7b1297235d3cf88e8d285a8cc
SHA512
ae4347a81a94593c14ad0432cb1d8ad03a83a618c2798d651680afcbaca75ba8228cfcf009c15016849040392baa663b3378b20564ce3aeba06aefb8fef368e8