e4db4b6b105167286b0d730383c8052e4553560b47dc055ea96caadeb5035b97

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7819b92b1514e76a98a35f05fbe4b310N.exe
Size

62KB
MD5

7819b92b1514e76a98a35f05fbe4b310
SHA1

0779e87f1eb5f90efbb5ef57e379ae0dbd340867
SHA256

e4db4b6b105167286b0d730383c8052e4553560b47dc055ea96caadeb5035b97
SHA512

e6b032167f2e49bd78015b46f7d8336677d759c39f7dd192aee1a7a33f25d946690be99655548ce0208964b5e91dc51555859873ef525017cea19490e09b28f7
SSDEEP

1536:W7ZNLpApCZuvIYXxJ75sNpJJ75sNpyPIXxXXS+SrTV:6NLWpCZLYFXxXXS+Sd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	7819b92b1514e76a98a35f05fbe4b310N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7819b92b1514e76a98a35f05fbe4b310N.exe

C:\Users\Admin\AppData\Local\Temp\7819b92b1514e76a98a35f05fbe4b310N.exe
"C:\Users\Admin\AppData\Local\Temp\7819b92b1514e76a98a35f05fbe4b310N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
62KB

MD5
e7aa97b783f3b2088f66ed3092fde401

SHA1
c2edafddfe180ebe4ba2eb5b4cfd236ace94785e

SHA256
f93b5a48dc98ec603bdfd62b01cdb9f4a74e0ad4f929c2218763d0d99e5a6775

SHA512
22a8f399cec34d16354babe9bccffa5006318e02ffd373a3de5b92bb1fcacb9cc18c60ef09748823f5ad4ca2b7d6432a2ca6ffe43a8a2178eec78ff5c5bd4fa0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
d1ea8152935e499a01683072da3feb8a

SHA1
feb431c099be76b7194361e37922f128bcccc2c2

SHA256
d044e408ec36e13e5a0dc6b92b21655c0262c63dbc68a97fc1ab4232f8491b66

SHA512
4ecb796f5c14812393bf7a465feaeb716a0b83ef65b62c04bec35d55482bb960580df66a2e25a892894dc220ffcdf959e7144c98f129974909873f1355a15e29

Download Submit