49d6c1b4f1028f65d9e0a6c33741b8ad314f68734fa51a104cec1aa836f163ff

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c732f3d49d22a3248ea253235f91410N.exe
Size

92KB
MD5

0c732f3d49d22a3248ea253235f91410
SHA1

adbe852afb42abb5b324b61ec111ab0f00231fc8
SHA256

49d6c1b4f1028f65d9e0a6c33741b8ad314f68734fa51a104cec1aa836f163ff
SHA512

01c49fb8607411c9abb139331c2fd8548cbbe16fae843a6794fc6e577191e299f00a5b2581a045040f3c9d91707055195ed3e7f65068d4cd88e8f7b9dc38e494
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzY+LKLE6G:6e7WpMaxeb0CYJ97lEYNR73e+eGGnLK2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3121) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\ConvertSkip.M2T.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\ConnectRevoke.contact.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	0c732f3d49d22a3248ea253235f91410N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	0c732f3d49d22a3248ea253235f91410N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c732f3d49d22a3248ea253235f91410N.exe

C:\Users\Admin\AppData\Local\Temp\0c732f3d49d22a3248ea253235f91410N.exe
"C:\Users\Admin\AppData\Local\Temp\0c732f3d49d22a3248ea253235f91410N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
92KB

MD5
4070d3927f33bd0febdad203e07c20da

SHA1
f01bf2b0f904d020d7d5f14142b9dbaf2416df0c

SHA256
7ee1dd646e6a3c83642bf3e7599cf435eb8ee8f530fd05559a5852c877f3d98b

SHA512
597e40574217ae369f61fd302545ca17688e286670b6a8fca318a4186b6631e56af73fd0e2996ba65cbe2f640024d77ddb9d39feb31ce6e3e4dc8e025869e235

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
101KB

MD5
11cb6589bc7bd456ff573b10629e74dc

SHA1
db0a9a57b4957e5f11c09346573ba6815f85b282

SHA256
8755445622655f34e475d3076ad2eb0d5d3b7571441a6e6f812dff94be4e7881

SHA512
6804e6dc1d98760e9a4cf6bd345840c8ad01133122e9bdaf3395baf7f4bcf1293c7f871017a2c9181ecf7bd04bc49599541f9144974e478a304e5128a31a9142

Download Submit