ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
Size

77KB
MD5

45dcb50b97f313996609b910b16ebc4c
SHA1

8caa5b5710a5ff6ae2403f90b65caf46e1346f89
SHA256

ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1
SHA512

b97d5aa5cb0f21560ee3ba7fb3104c6a93b724c353fcfe459d088e8817824a076684c32f461a9e7b2c61b52113bb0c3333549c067bfd94e7648aa39b53eb49a4
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5ifzWrWO:6+WpDfmRfmhSfza5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3730) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\micaut.dll.mui.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe

C:\Users\Admin\AppData\Local\Temp\ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe
"C:\Users\Admin\AppData\Local\Temp\ab7e9e2cd170fc164614e4ca0b1e5471c3ba064dc52efec49da0c37b7cd203f1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
78KB

MD5
219550ff542d78c2c49358f8e27025e4

SHA1
1672e883ad26488878ddbad91b6e13a39336f76e

SHA256
f079167d86b827a84b4b2a5242d9a351582077088e8655ba0c2b23a3a6aed848

SHA512
bb4dbbf9989a9fc9045fa0f6d54af07295ae5d3a28921f0dd3cb96a2aa7becbc304189162bcf15d7d24646cc356b677f8422971a52821f2d3a0577cc8896e4b4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
4e716b8da362b6ba66ee1877bdb43a13

SHA1
c4865b268b018016141b16d4e0bd068f0b1d5839

SHA256
bc4827687723e206c4d33ac4cb43f61e9eb939365a44b2c876e804d3b667a908

SHA512
690240e0f270215ff2396754ddfb1b19e8c95fce474a104f55453718837ad6037b29e263436eee9397de300ac3347a92e93356a7e62b39beebf9890b2e3d7aff

Download Submit