dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
Size

42KB
MD5

837a350253c88655334c9ea97e5874e6
SHA1

85e3a317be64fdadd9b605a6f586685d589c1f9f
SHA256

dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45
SHA512

4f096943287f8440d5b930d9be7d126dee7aad7fbabaa9df1c3e7b4fa63a45ef2e005d7b0eacbf951435d624e989bf36d45ec9d0e46337514d646dd42f51ad9b
SSDEEP

768:/7BlpQpARFbhefnj0Tjfnj0TPuQogKO4iJfogKO4iJbZe:/7ZQpApouADDZe

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4120) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipBand.dll.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\README.HTM.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\THMBNAIL.PNG.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\digest.s.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\THMBNAIL.PNG.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\INDUST.ELM.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\SONORA.INF.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\PREVIEW.GIF.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe

C:\Users\Admin\AppData\Local\Temp\dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe
"C:\Users\Admin\AppData\Local\Temp\dc414a960c5788e1153a00864d206b06bd0632ec185d56c98d9077acb2ef6a45.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
42KB

MD5
fc0d563b74f6f6b6c58602538876ae3b

SHA1
4fb2e11493dbab6662b418d2f492d16f6a3672fa

SHA256
246fcde84027093de42abd1fd187b04cac0c6c25777cb0276b9b17b8da1b46fb

SHA512
735987cd9da3561fded243bd84570ca136c625c05b7f430398d1c7ed404a8f9541abdaf510be5ce0b870b09f44498eb212af3d7a27811602a869f38aef5c7a89

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
f11383ac174bbee09ee74ef6e69fcfae

SHA1
3878fbc1b09b418d1c875672e29411cd546f3635

SHA256
7ec07f994382e3e0c3e8db16a68aac4ec62c688f8709706f94416a05309557dd

SHA512
7a591ab1050dd9c9d4dcab9b11e1289366ed7bac3bbb9628ac410bdec1a3d97c1ceaccc4789d2a79a6a5b9c08ecbb038b244d171c2ba7489789187fc7ce9801b

Download Submit
memory/2624-3-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download