86a76e2c45b985b9a717729fc3fe995bf52cc7eece36235faf2da434192f677d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b83d0ef62f3a715c0708465a81d0300N.exe
Size

88KB
MD5

7b83d0ef62f3a715c0708465a81d0300
SHA1

a4bc07252ff28d64df890bfdfe34cfec30d957aa
SHA256

86a76e2c45b985b9a717729fc3fe995bf52cc7eece36235faf2da434192f677d
SHA512

9b7a1b4b3491f9fb6c06baa843b37c5336fd2e013805f5acf2f2ca6f40facd50abbf4145f549809a4a533ac029493d94342e6a1c32e79e3fdd803291fe4a920e
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggyaRjvmujvmRzqzlmJgwmJg/Svqz:6e7WpHIyRF9ESWu0SWuDm841q3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2944) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	7b83d0ef62f3a715c0708465a81d0300N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b83d0ef62f3a715c0708465a81d0300N.exe

C:\Users\Admin\AppData\Local\Temp\7b83d0ef62f3a715c0708465a81d0300N.exe
"C:\Users\Admin\AppData\Local\Temp\7b83d0ef62f3a715c0708465a81d0300N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
88KB

MD5
5e76491d4c4dc35077ab5d80dd53c943

SHA1
e6d4abd2caefcc5243801affc9909cfd5dff0a3c

SHA256
16c55f465a74bbaafd631f91c4a1ae666baa0c79f9a7f1f96bae4dc1a85b9944

SHA512
fcad9412ebc7d360dca845436371f2167cc9141c68392ca989b8040f6fdc086025587b25896695584d796eea702ba90ecb2d04de40c247dc661b03805977a826

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
50402f7327adbe667d27619b0ae44800

SHA1
036a088e144bb6bae1d48ce848b262d939cd99ad

SHA256
6a21c1ba9b932e3b3abd7a0b025efc45726a3b910958d701ed78acf000242109

SHA512
b5dcef6b72d42f9494d0103e57f05fe3e3bbee670244f6f04d69f91dd9b05f638ec7d8a1b48c7f2a31f2bc880fe5e29f2e17a4f5b85600589d5e79011d3001b8

Download Submit