7c9db397b3e07a39ba258e08c439b69842afe41046983cb85791dd51c7c6fc3e

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4356f96ceb8b571c8cf80c95d598be0N.exe
Size

48KB
MD5

a4356f96ceb8b571c8cf80c95d598be0
SHA1

f20faf0c895bd8df9b2cdd3234e57701decf7e7a
SHA256

7c9db397b3e07a39ba258e08c439b69842afe41046983cb85791dd51c7c6fc3e
SHA512

f6d369df8f7fd0150bc414d6ee5fee81582dffb0f51b16dc0f4a8e1e30d440c2c37d7ba5861a87a9947906a6d4173a4f9f61474d68c41f891b6eba16e3f3202d
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwRJofJoTy6H6p:W7ZppApaJofJoC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3428) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\GroupMeasure.mp3.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\ShowBlock.aiff.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	a4356f96ceb8b571c8cf80c95d598be0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a4356f96ceb8b571c8cf80c95d598be0N.exe

C:\Users\Admin\AppData\Local\Temp\a4356f96ceb8b571c8cf80c95d598be0N.exe
"C:\Users\Admin\AppData\Local\Temp\a4356f96ceb8b571c8cf80c95d598be0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
48KB

MD5
0eb0a520eee6d4b33211c126e4df46e3

SHA1
1f1b7ebedd81fc9ec5bd39c99f684b9de461bfc5

SHA256
a1c51ad6b6c1a3faa734fe68b78c6650a2925627351d5a58698589f08c2938b1

SHA512
84ead3591bfc5816d9142335015a38d46a76bb36c70a360394ea20cb4ed92358a26331d14b8f0f12d9cc18372645fa5f91c61ab91290595436adef91a445979b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
4ba22e7928569039b5d73726d0e10fcd

SHA1
3d50b895fc45979e40af63eb8c679674687f9ffa

SHA256
534afdd7f600ee21b402b938e5e6cbc6d0a4904108565fe879894155eadfbc33

SHA512
c00fed10c46cb008e0d5691ac8f4ea69246b8efddad8420f8ae0528ae6d4a732b61c217e9eccdcded896a33ba42bf5f1e21f924d84e9fb5ea67247b1c0a25377

Download Submit