ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
Size

94KB
MD5

cffe68ed15ba6b3a661a1a9086e53ee1
SHA1

eb53d749470579d6b2a9872fec98fce256efeaa8
SHA256

ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0
SHA512

9e81a1e12642adcacc6e398ad65ad8c51b200f3d21618dc9c55c19f97e07eefe5f4ae79ad4383c63e6340946518b70018c981c4b0c434103e23790de96a390dd
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs7

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3558) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe

C:\Users\Admin\AppData\Local\Temp\ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
"C:\Users\Admin\AppData\Local\Temp\ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
94KB

MD5
6656be92977cbbca4f3a7a9182838cf3

SHA1
45c9e85b0e555832141c57e9677d29807573b3da

SHA256
6881da48ed28306f595e92e7debf91c2d2e5554221564bfb2e737823210880b3

SHA512
e791566ed559f0efb989694597d5fec701adc885fcbda20600c87752c9ed2db9d6d08ddeccadf2eb237b8b8e6b0c7fca8a03717c350314d8bf0180625dcf91e9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
30a44dc4afd3a3e647a28b4cd7f85180

SHA1
5a590ae107c5862dca86b6e2474c78b6b80abc61

SHA256
ca0fd359fd42e695e2c2d6e8d7b277c9ac06170a957eb0f23cc86edee1916087

SHA512
4d6d44306843349842e6129ac2be707b48011ad95501764e2cbf771981ca87dba107e2bd9b4238f4546f91591480d07b0fbbfd1cd4dad236da456d2861f716dd

Download Submit