47bbbb8d82209ecfdc78750a14ce3d2b414016a507e337933994548287bc9311

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

546e8e8aa4d6f5536e5a3363ff33f860N.exe
Size

41KB
MD5

546e8e8aa4d6f5536e5a3363ff33f860
SHA1

9ce64422ae2dee8d3c413599f4cda7a285e2cc69
SHA256

47bbbb8d82209ecfdc78750a14ce3d2b414016a507e337933994548287bc9311
SHA512

8dc056ca42d8e3184a20e98efde7d439ffc66e234c62152198cde8ec1140f0326aa78492d9686d71fd885acc7f7570d80a1b043072e9794e1b049af5a92f2751
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvYD/DggNNHpQKMNHpQKMFwWnm:W7Blp2sspARFbhVgNNHpQRNHpQRO

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	546e8e8aa4d6f5536e5a3363ff33f860N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	546e8e8aa4d6f5536e5a3363ff33f860N.exe

C:\Users\Admin\AppData\Local\Temp\546e8e8aa4d6f5536e5a3363ff33f860N.exe
"C:\Users\Admin\AppData\Local\Temp\546e8e8aa4d6f5536e5a3363ff33f860N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
41KB

MD5
304b525b7edae29480dfd935d400a13b

SHA1
d753eec5d6a275ba063cb5f6e1fe207144754d66

SHA256
2b1919780dcd3da99d85c91e7ce02c5f93e4365c433a89a84f3b3a24c7618f74

SHA512
2121730389d221b264b25330bfb693f1c50c56e117d6eaa6c287588ecca16a9dcbc8b7b3b2efbb747cab08b058415ccc00b297c6eb79f25e5362ac579a2b3fc2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
d4e441585f53df6f96d53199408ed5dd

SHA1
f7169bfbb7d6508d182c74f124ec80b6c50199c4

SHA256
4596f548611bcebb06f24210d9765a68e8daa14621b210ebf0fa9f46925fec65

SHA512
a9aadb9831bcfb5b8e226eefa83eb65849dc9487684c2069a1e4a28f48e3ff8325ea18d8cbd2c47f2d84a08ef4ef7fb8c73bada65ce52ba3a15ba72fe82d7527

Download Submit