7ae5041f1b1e47105bed48c1a7792eee5ab0166b53f478540df6860c1e564525

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
Size

135KB
MD5

828fc3c2ebeaf0fb3b58109ddf9c3d80
SHA1

0f753b9f39f2dac6b34b28d7e14fc76532bb2021
SHA256

7ae5041f1b1e47105bed48c1a7792eee5ab0166b53f478540df6860c1e564525
SHA512

a118edc1b807002116abcd1200badc147ac9b547c2068cf900f44454d813b1a8d3fae1fdda8ee5aad3a3fb3e86764c88f4e9938bc319759f91dcf806ba5c3315
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s8P43C:RqlIyFESWu0SWu2s8P43C

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2661) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\ApprovePing.dotx.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe

C:\Users\Admin\AppData\Local\Temp\828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe
"C:\Users\Admin\AppData\Local\Temp\828fc3c2ebeaf0fb3b58109ddf9c3d80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
136KB

MD5
3ef61eccef7adf9e187eb917525e6b03

SHA1
bb6c192232596aaf4f651ce8c6b30d17837b92db

SHA256
da328cb160d3dcab2d58043c8d7fc566e6407c1ac71a6043ed2f0a81ac72df7a

SHA512
9e959525c5357854bdb7cad067768d2071eb7caacc113f70ce289943e7200bb6f5954f01ee48d3112ff13e584300d5aad8ea3a16b109432822279e227c114c41

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
145KB

MD5
8686ab856ae3b8b0fd0c3dae81336cb0

SHA1
2cb5d4f3186b8c5dd73ef8f0f3162044b48d1018

SHA256
32f3fd0dbe65e3d60cd30f55824d8b8a0b1d14875f87a88b53fdcd7c3a4cfa9c

SHA512
40962ce2e6f2e904517f83c79cf3c20eb81b8bee569bce2ee111fcf2977f0c160a1b2a9061cd5aa3177203642ca3188e423facd571ea3ccfbde8762197b9f766

Download Submit