f33bf963027b08c5961cdd455300a5fd91f81c8e45f4513d9cb527f025be56d7

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

223bfc2da55037a567f0beb7d24015d0N.exe
Size

49KB
MD5

223bfc2da55037a567f0beb7d24015d0
SHA1

5926903263cbe735b2d8b246471c7eae7c1a8d1c
SHA256

f33bf963027b08c5961cdd455300a5fd91f81c8e45f4513d9cb527f025be56d7
SHA512

f6bbce5bf5611f6c6e29e11fc063d7c5b5c7511058fc0fb42ca672cbd510765be7b5a5e1d0dbec2c52a2ab89f90a2b922d3fa1d92678b6be4c52b330d02b340a
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJr4S04SCzwzdAsAbJOkAsAbJO1:/7BlpQpARFbhq1KX101GIesAbJEsAbJs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3169) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\InitializeInstall.vst.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	223bfc2da55037a567f0beb7d24015d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	223bfc2da55037a567f0beb7d24015d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	223bfc2da55037a567f0beb7d24015d0N.exe

C:\Users\Admin\AppData\Local\Temp\223bfc2da55037a567f0beb7d24015d0N.exe
"C:\Users\Admin\AppData\Local\Temp\223bfc2da55037a567f0beb7d24015d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
49KB

MD5
f497e505430fc631b3efe5229e406a05

SHA1
2601cb4efa3e1f582f3bf125fad733f0381394ef

SHA256
f894a6041c12a13097992bb30c5d72a6c449e9129f03d0576bea77e49d70f5aa

SHA512
d30e9d3e0130f52978979efdf3e1da2b6711801ae92339daec23cdbcfc00d6aba73a235e9e19a62426dbd286731ef357d2bde898ded8a440a9c3d3b06fc13b2e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
76ec3a4bdb04f8655a07e750e71be52f

SHA1
544426a4d398e6b5df224e8a95dfe3af8bca41d1

SHA256
bb236e035c834e25705745883847c77a99045872f45bae8af3220217810813fa

SHA512
63fba8e5b5540bef4ff525719f434ec85004ddbd1b554edea8bcb9cc48094e4219d11b36f997090fa68edc9c88bda93250db64ab88efba076e25697eb7259920

Download Submit
memory/1316-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download