f863dd99a6e517eff186236a8eb69d8c4bf1ad1e622fcbf0c03e1b66b82f3892

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 15:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

74d19cbe05579471d2f6a03c81c48530N.exe
Size

106KB
MD5

74d19cbe05579471d2f6a03c81c48530
SHA1

b619bef05e15c769bca4a0ce7f572dbfe908aa14
SHA256

f863dd99a6e517eff186236a8eb69d8c4bf1ad1e622fcbf0c03e1b66b82f3892
SHA512

fa554634e29ab245b6c0983ccd8581fde7bb62baa5cab6d26c84f7c321b8a89f6844441200a8c0d5eb4349c6c5e28e97c68fe730752bbe65500d41412d3bada6
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBi:PqFF2Ie+efsim21

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2842) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\desktop.ini.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	74d19cbe05579471d2f6a03c81c48530N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	74d19cbe05579471d2f6a03c81c48530N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	74d19cbe05579471d2f6a03c81c48530N.exe

C:\Users\Admin\AppData\Local\Temp\74d19cbe05579471d2f6a03c81c48530N.exe
"C:\Users\Admin\AppData\Local\Temp\74d19cbe05579471d2f6a03c81c48530N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
107KB

MD5
41056966f216e7cc5d96cd5d92cf684c

SHA1
d6ba34246ce37b81e12178c363d0ed1c6c6a4c98

SHA256
a8cfdc2eb816d07a00b8ab01027b7803c9aad343bf143f2e41fab2471d3c50b8

SHA512
b75a915e57e4202a1df0100de1da3dd4c7df554dfd30a5dcc9e222d53f61ad53017221a5c3d2c1c114762af6146535b610998e7c74e781b002d3c427c962c71f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
115KB

MD5
25d761f3c3f98d6b726c0ee112776a0c

SHA1
bd0f8cbf9c03c33c4766c2b47bb6e47a96e041c1

SHA256
3ad5b20c5e1668d7583ce9449a57f3d1d7fd5113160ed892c9f022ba9991014f

SHA512
7c3ae26bf1e9dff7fb891636beff686d0ffa2b28a74ab6b95de55e9e7c4627a9ee34a15a65ab724514fce0c03eb641cc75bf85e76914b722c0a1f09307ff1754

Download Submit