34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
Size

78KB
MD5

b212438d28c94a09037ef7302eba7311
SHA1

29d72c2001857d946c6bdb650ca9ee8d2c944f7b
SHA256

34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839
SHA512

3b43ddcb420c05ddd8ffe7a1b080ae088296e5a2d9bb056cce97cd5848cbbd91677d1f7c81da3333caa8000591369a071b57ccced6643a2304dfdac1a2ea8d8b
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfHjtmjtd5NaMR5NaBQp4g7s4g7M:/7BlpQpARFbhiWb8naOnaBK4g7s4g7M

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3729) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe

C:\Users\Admin\AppData\Local\Temp\34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe
"C:\Users\Admin\AppData\Local\Temp\34aba8456ddef106e58f2ed8cb16dfb2b1360d9570d6782aae36adc28514d839.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
79KB

MD5
5bfce440dbef92d669f0e384893fcc1e

SHA1
98354e8500078049b06c07c4546cca7a7f5935e0

SHA256
8dedd4c338a7bb5e3af3f78c8868c512a2544faf49c9012618a0f1654d92f7f8

SHA512
5120526181a5add0e6d5f793c4430860155e90bd1a52d6e11bf278924abbf28b3dcbf3e7117ce9164561b4d1abd26ec903ab31b1911e392c4724404226f30a72

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
074b2cc0f859617d40ec1359b603bfc4

SHA1
d06a8c122e29c1522fab3e1026b01372f8d878cd

SHA256
9073c38cdbfb4fd5e01d3dac029bd64a6dcb1e133884719795a439ecec4f20cf

SHA512
7d9385a711ceb7e85f50a0c8eb31d63456ac9362b37d20e6aed15ce6f7aaf8c3799ec04cb513c68c30cc580af0ba10edefbf0cd534425ebd06d87fa5be5fbf70

Download Submit
memory/112-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/112-660-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download