5e684542434283de76e6e55d0742067b75f7aa63088c67a124bc0e7c9d0a6220

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35d7d7f028c52b20c1fe8c8277c8ef70N.exe
Size

38KB
MD5

35d7d7f028c52b20c1fe8c8277c8ef70
SHA1

5a0b99483e2654433757722cbb3456ca860305dd
SHA256

5e684542434283de76e6e55d0742067b75f7aa63088c67a124bc0e7c9d0a6220
SHA512

7cb21f05b98ac2fc65bea597fe572acfc5e7a980d3ce6e87f89a3b371df5c59ad5264acaaa2e05f186e168f40475039f3d6404533a27ade38d57ff91af7d7299
SSDEEP

384:GBt7Br5xjL9A7AgA71Fbhvn+nDm0CAmmLg5Ms7spsZ8HYGkqvtJ+Jnhq:W7BlphA7pARFbhOm0CAbLg+snhq

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3257) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	35d7d7f028c52b20c1fe8c8277c8ef70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35d7d7f028c52b20c1fe8c8277c8ef70N.exe

C:\Users\Admin\AppData\Local\Temp\35d7d7f028c52b20c1fe8c8277c8ef70N.exe
"C:\Users\Admin\AppData\Local\Temp\35d7d7f028c52b20c1fe8c8277c8ef70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
38KB

MD5
ff708ae468894eac68c4ea1c6559c99a

SHA1
2634c56ed174179a223e51b5d0dfbbe447a6ff37

SHA256
a61f3c519255e34e4dbd787bba0625945dd252624147b0d9a5570ba5d26ea85c

SHA512
a6c8176af02ede6a72d5722e2447a07d6c73d33361dacdb8398ae9163e5615a2bcc7a7c9eefecc66f798a5c5bde82b292c820c9ed168a252f3c1a3defdd9a9e7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
42d4f66176ca82448eff94cf397d41bf

SHA1
8ad58f9f5fa123e343cd8475f351d4e88ccd5ef2

SHA256
6ec07de738bae769cdf776fdf7e7bf2c4dfae7326a28e9ebf95033c64aca8ffa

SHA512
5044e6b269f74800c0615a301cc2c71174863da38a72bc58e39de3fcebd615d01778699bce2fa5563660f898cc7ceacd865aa981a0d5552389c9fa8f99d60ee5

Download Submit