0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
Size

57KB
MD5

c9f1a634fecd5d3d9fc27e9294751531
SHA1

5edb1387e359b21ab468c74799f529826f34478d
SHA256

0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25
SHA512

12dc91a02360d9170f03f5036ada6e7a379c7572919f73dfa8d783dc7eaa1111d3dd1d6ceab5b8cd888762b9383b1bb8ad3fecff583124ba072a661a276d9846
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBP7DC:W7BlpppARFbhjbhg42LcfDDC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3757) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\CompressPing.csv.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe

C:\Users\Admin\AppData\Local\Temp\0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe
"C:\Users\Admin\AppData\Local\Temp\0262b7ec86f452074c62d41f044e2664c134013255d491be1695148ee1c21f25.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
58KB

MD5
931c036906db355a1ca0afa7483e0fdb

SHA1
16c9768922e8f2182bff75d395aef6dc493924fa

SHA256
4343c9ba011cc71f70be291f6878b06824b1cc953531ebf74b898115cf7502d6

SHA512
02c4c3ac411b6d20e1e60a03f3cef552a54d86994ea76063475055ac6ae6c8da54d4ad56e886e0278509713ab72860011dc001e3f8da8204af376e0f54e4252b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
395349cfe55a4692f34e5cb1b4d354a6

SHA1
5344fa1a96cfd03d88139b608045520b983d892b

SHA256
f7881e4c850acce718781fc484b9cacb3c0dbbe1c6a7b35aa584cdfda6bb2820

SHA512
85ecd946b248402d829c31159512f43969bb8f277574c56ca744dc026dd29feb262576f42e46e62fac9fd3b1ce7cb4dbf470eb6cba943193270be53e28aba83f

Download Submit