8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
Size

41KB
MD5

06db94285e6d203748da857007cb9028
SHA1

166bcffdc7ca30a9dad382729983ba9716660d70
SHA256

8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb
SHA512

97df3674d187e555a80466cf7995b2de2503fce55e50384f4ff32d2258291e0f5b504a782f8540756ddaeae1d30a5d347d30ebdadd63d8d211cf9746782dfb14
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJH6vBSSvBS4FmZgMOMM:yBs7Br5xjL8AgA71Fbhvx/5MgNZ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3749) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\SendUndo.wpl.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe

C:\Users\Admin\AppData\Local\Temp\8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe
"C:\Users\Admin\AppData\Local\Temp\8d89b38ce159a8a535944cb717dcd6819d3cea2ffd2f09211a0803e7f38bb6bb.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
41KB

MD5
1a493bbcff38dc4aae4840e25b8bacc1

SHA1
52cf9cb83c7402ef52a93b88a6a78255c9fa34ab

SHA256
3eee1898531140141d7dab53e94a30561cccf0450984001511e9ea5be046ced6

SHA512
9a4b693d209ea6426b2ddc75b3b90178223d1e0240451bcca48ffd7a638c3a4971efe02bac2b918d564d2875090818a6542b60fe7f5df1342a27db5a1e0d6815

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
5fca58f3d09e342628e7326dc5774c59

SHA1
04a6293ef9faf02926db91871b6decaf1088bc53

SHA256
c3662bb55a5731d90290bd284bcba95c3c7ebd40ebde5a19f111c674683ba72d

SHA512
5f035e1c6f645d1cfdaa7c843e6deef9c131a51b14ed44567f5126b7041f1a69e55e2d360ad9b23ea609e9e43ff7a38ebc05db80d21fbb8f8975f60c6b38dfe7

Download Submit
memory/468-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/468-654-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download