2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
Size

72KB
MD5

0ac0b4821bab2596e7fee0cddaec2979
SHA1

a4ef61cf6c1436726ab49bb3468c97f843f2b0dc
SHA256

2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898
SHA512

61ac0e6c4a742345729b4a72e399925cfd8e8dd9abb2a2eab45eabc95bc39cb6c28395c9a6996b9438c15e111e08974ceeb535ffa2a454fa17fdc4bb98f7a51f
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpW/P3bG3b52M+++++++Ehhp4BybOHK4UcyLj:W7ZppApBULcfpHLcfp241BoLqrN1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3789) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\abcpy.ini.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Journal\Templates\Seyes.jtp.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe

C:\Users\Admin\AppData\Local\Temp\2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
"C:\Users\Admin\AppData\Local\Temp\2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
72KB

MD5
548dd567db588c17a49058b3e59a624d

SHA1
44971d2902c67234982683b0d2c2a4cd84815c61

SHA256
9efc74c3dd589658f6d27f7d58e54b1743d64e75b9b4ae8ebe273336c74669c9

SHA512
7bab69a377e04207a05331f7d816f3aa727966a75dc433e7687713130bd6a9c87689eef2e4144d00c2a62a8a1fac496f16623e76245f875af486f84f926febf1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
8b6ebaaa5d5cd0cfc5734f0e5b880cf0

SHA1
a87daa14d6e6c58e7770ca5278fa900d1dd37183

SHA256
15823ec3e144e489717b4588f816d61619078d6bca4cf20ad719e3b7fb37e5e6

SHA512
8ce2f365bb478b62ca540c7c08f1bccd357f815ca3d4157dbe34090ee47ea6856515f532703332bd2ca70b99cfa3ebc2b16bcf2252bdc3c86cd0ce15fbb9145b

Download Submit