48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
Size

52KB
MD5

48fc8d1f6b5830cecce3f4bb4fc20bfa
SHA1

11c892f78d90fbcc0dc1bd31c0eff4187e2910d9
SHA256

48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431
SHA512

fe06306a57ad8bd53ad678d5cddb8ec3d9dfc0db4484a068550dc014f381e93a5952e574a917862a65ff2fc57516607f6e76e2a97987aff63a006e35405ac7e0
SSDEEP

768:/7BlpQpARFbhfyiyooa0OMiJfoa0OMiJ+PQT8Yi1xKT8Yi1xM:/7ZQpApHzoPQYGYQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3757) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\settings.css.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe

C:\Users\Admin\AppData\Local\Temp\48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe
"C:\Users\Admin\AppData\Local\Temp\48b11c223e18db09026763ae533147844e0832aa115926cc233cd69ded3fe431.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
52KB

MD5
9d25573ee9267dff53f2e1d7ab84f96a

SHA1
9b5d98ab34db39fb6d3c1480d5d8d2cf909f460a

SHA256
117849a47ac0b72f9a972c0e485ed08dd53114d41d69b7fd6919c3db8859d3b0

SHA512
15955e041c92ad1ec17052816c91b171709d6eb17cdb5863f43f36dbfc245e1943f616107538b6bd97178fc6b998b5a7f8f4708782e5b209ea011b0b100988b4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
0bad7722f1081998a38547b30002fb37

SHA1
8b6aa4c152f78eb4da0f0a8d6e6b7cb95b6d58d4

SHA256
b9cec24982d68f505b308593197cde8e408fd9dfe46222b9f75b9a39b4b336ac

SHA512
722c53bc85c38b1fc8adbcfb71aa8ad09a46929b325c3c5a7993e8cfe9ea8dccd6d1d164812669ceb9c5c45312a2a9a5791be2e389fed39d23353d7403fbedbd

Download Submit
memory/3028-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3028-664-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download