250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
Size

50KB
MD5

d61a4dc5b04d133ba3a8ea1e6651c9a7
SHA1

debfd036ae5ac77d1d5c5bbbdfb98ffd194a22dd
SHA256

250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61
SHA512

ab2a4bb05abcc5f84c7114670094bcd22e6dc81cc7600c4a9eadf589d2bae9d10ef66888dfaae32552cee3d47bf7c9f1e09c8b1e336758abba60dc2016403094
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJr4S04SCzwz+5zz+ozz+i:/7BlpQpARFbhq1KX101GIW/+o/+i

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3775) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.WPG.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\CsiSoap.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe

C:\Users\Admin\AppData\Local\Temp\250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe
"C:\Users\Admin\AppData\Local\Temp\250356eedbffacce1e1d097afedda083501bbe420d20df11c95cf6c001599f61.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
51KB

MD5
073b290deca5c9755508420c1b1d8441

SHA1
3433c7ee34a7547ed95c7fa2c3721ace047f0c7f

SHA256
248fd56e0042805459ecace6e62b0a0431b58e9833f3ef701369643be1464264

SHA512
987e98de3546d9c4113e4a399f1c5bbeb768d4965031948dbbdb07fc568ce6e71e1b05b98ea4af7fa0614e3acd732780b0d7337ed5669f85bac306aed8b0e957

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
a981d21e7ba0d7f8d1326aebba870039

SHA1
52143c855aac8d3b12c835582682603b3d1b3578

SHA256
d5880f373c5b0dd9af858d1312c1f223355a169d1c6d12674e2608ab3ccfa696

SHA512
629c5db38866ea550de9ea826630e4fe0c2f9d9b0adc92ae10de0e413fef25f93579a3a2cd658772416088640a51124bc998e623c16a98e4d4828420ba855d29

Download Submit
memory/2708-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download