4da8097d30de018927b5e67d5b34b086a04752c0120d17b738ddaf47831f91b1

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e36f21fffa150e265b117f4414904920N.exe
Size

108KB
MD5

e36f21fffa150e265b117f4414904920
SHA1

91ac2f61116a04a8d6c96487dddc0eb1c76ae7dd
SHA256

4da8097d30de018927b5e67d5b34b086a04752c0120d17b738ddaf47831f91b1
SHA512

069fbfe1b7467fc9e76c429a6e101ff10325acc76c3216791b957771cbe63e868ff266891fe2ab38b48dd44c669452d067f92a21aea14e80e806a28b4d2f8735
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8z3ML9p5:6DWpwE7oL2e+efZwZ08i8z3MLR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2933) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	e36f21fffa150e265b117f4414904920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	e36f21fffa150e265b117f4414904920N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e36f21fffa150e265b117f4414904920N.exe

C:\Users\Admin\AppData\Local\Temp\e36f21fffa150e265b117f4414904920N.exe
"C:\Users\Admin\AppData\Local\Temp\e36f21fffa150e265b117f4414904920N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
109KB

MD5
752ca78917bb1039fd1b5fe441059d19

SHA1
a9f33a6f51e5e526f5d6dce4531b61f9f0985b62

SHA256
5d1925323934a60ea2e8d01c20d9ffbfd47fba11570edd3705682016d6672b1e

SHA512
04da39652b34f11b052b0216df9fb25a0e1bbef02d568d71278f438a1228a4288b4ade9437e731243a651b7976495dc9f8557d374c4202d693c0f8f51d62c7f4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
f1d6d4d398324eaea224020a44fa2102

SHA1
f2bfbb9db78441dcc00e62fdb9b0d1af729d4b00

SHA256
2a1f7e96fc1e0f1936cb6559badedbba652ab8e170502ee0db6abd32122bfb07

SHA512
75c2ed282131275ec64510bf824dea3f7dcc0506792054e0d3e96117c5c353517569d40fd7f06017ed111da5a1b58ad4c2610dd43672cbed325e07bf57871f0a

Download Submit