223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e

Analysis

max time kernel
149s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
Size

75KB
MD5

47282e47200fb3e282c2c2034a02ef60
SHA1

0846657fe2f481a4a101955e64f4415461ae466e
SHA256

223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e
SHA512

93d1364f6bc389f7a56e3ef80352c9a968bb49c8d9b5b95e167a1abca4ece66ee5d0823cf41cfac97dbcbb072d587fbbf1b31ff842208d0ab58085bc36afcc0f
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtb4HBZjlwGpCYnigugqOzM9bdifwMtxEwJjlVki/+:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjl0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3693) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe

C:\Users\Admin\AppData\Local\Temp\223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe
"C:\Users\Admin\AppData\Local\Temp\223cd2fce22a683b778ec711227da6128a4871d235746b8d7fa456424d9b150e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
76KB

MD5
e292d6f4b3b8afadf6ce764b9490d37f

SHA1
418397178175a5777c498c04779cdf99b22585aa

SHA256
3d9a4daa70fb6d4222c97189632bc50a784e04f3803fa00c1a5a04e12b3670fe

SHA512
4fc4bb2e4e49c84bb2762d563dd074eccb471a504014f91646a1bcacadf27f66abe430508621f3627a68f2d8d49511c509a234ba5e9881f6fda54be336e7562e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
9ebf18d321b1c02b13727303fc340bfb

SHA1
6d529755e0815d90398162b30d0c509e62a77322

SHA256
b669626d134ce53b8ba64224b1903053ec06cbb5e4210729787dfe3c387ef2e2

SHA512
c0d0d318bf4e18ea61ee325d22316897c7f2c4b8fa07f0c0050d9f3abae0c1903ab432f93bc5443e743dad8626ae06625a9dd0446305b793fc6241beda54afa3

Download Submit