e4731a71da6354181ad9f5768e3fb219c3bf8a09c4fdc1908c60ace9ed32cd73

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62b6ea1143d8f26e361a1c440cbfd440N.exe
Size

85KB
MD5

62b6ea1143d8f26e361a1c440cbfd440
SHA1

a860d86a6a800f40b77336980b4d779923df0e36
SHA256

e4731a71da6354181ad9f5768e3fb219c3bf8a09c4fdc1908c60ace9ed32cd73
SHA512

e71f098692ac91a93b11c39454504edc518c59ee9bebe5d0f7a71fb6de406eca848cb364a3677512613b786d5d848725b509bc8a1c07ec38368786688af8e061
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5GT6SsD3:6+WpDfmRfmh2TSD3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2947) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\EditEnter.vsdm.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	62b6ea1143d8f26e361a1c440cbfd440N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	62b6ea1143d8f26e361a1c440cbfd440N.exe

C:\Users\Admin\AppData\Local\Temp\62b6ea1143d8f26e361a1c440cbfd440N.exe
"C:\Users\Admin\AppData\Local\Temp\62b6ea1143d8f26e361a1c440cbfd440N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
85KB

MD5
433f486c8e39d6f4790cc33e8512d44d

SHA1
5285d56dc7bef9a775602357be2ec004ae718cd4

SHA256
45feb3c6baf4036dfc79ea94f23965864a2e24cdee6aa390d758d8201edf13d9

SHA512
7ea3c84c7ab71f4a1631fda1595cb58c22cfa5d5b6ec6f02a00360a153667c4bb438ed3ac45591913c6d62f4bd3b26a122c8c8a59e7ed8e49ec3e6dfd52054d3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
424d14d06117da0d7cd38633faf8dd3f

SHA1
4148b9292f5ec003d8ca61783487d08f2f770f8c

SHA256
a65937835e3e16397ddb4c0ea20b6e96ee95641bfc117e850fc3420f145f53ee

SHA512
a3f9b1a8f42553eacc5b6dd5c8be50b963a4538b4e3798c23eaa5ac0274cb699f5ffa31ca0c678af425a4d3e53e40a44c0a6810d263320a14d40cefd9be991dc

Download Submit