87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
Size

39KB
MD5

16bd8acad5ab35fa56fddd1eadfa37e3
SHA1

d891ffc7b72f4c728f646c7b23c73302c4cf1d1c
SHA256

87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c
SHA512

dbf6314ef5fb469eefc479fff3d762393e263b0c1e1d85aa364abd534252b41c2b015a433bee12c632224e190bf09d2a44cf2e509d0267e4bc43b73848726833
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLUtg:W7ZppApBULcfpHLcfpyD3tg

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4109) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.INF.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\PREVIEW.GIF.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\SETUP.XML.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe

C:\Users\Admin\AppData\Local\Temp\87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe
"C:\Users\Admin\AppData\Local\Temp\87364b575c14a26fa181442fa23a8031707e450f18f87e2dfd4d11718f851f4c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
39KB

MD5
bd1c319bc286efe6078bd81cf4cf2ba2

SHA1
aeba4b1e917b50e98d5e9f3176e67c97a69ef2d6

SHA256
6588760d4f32b509193b3f07a5201e61192dd0b0f543813fbe9000df98184c98

SHA512
58e46b89a293400f2e06b69eee1550a066c161317d3b219c392ea397a2f13155cecb83740c6a2e9262129c06c56de8105104d8bc1f0035e58bb9b72fd01eb197

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
e8b5c58a0945469bcc24824b3432f823

SHA1
b27fff0976a8f0a663919adb11ea9576e3bd4312

SHA256
38cd1c217391b15d7c9ed83581db83c62b52903f73407d8cd2c0b42304bb2b01

SHA512
fbcc16d3feecf6c27248e2b12ee957e4dd1d29aa660f11309e404854a9b12cff17d4eb7d2f7cd0424e96748f557d1875a86d795336b9eda1602fbe106b7f5798

Download Submit