43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
Size

106KB
MD5

81ae76af01528d6085cb8e18416373a6
SHA1

5b639c18b7cfa11db3063912a77c6f7dfeb36be5
SHA256

43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c
SHA512

018cd067dff4acd172843d54b1f2d2f87125c31b35c4be6353b4c9c5fdcbc3b9067d344dceb71d2b49674129fe0c960e5ad8b4da534c7768db84718f427b1871
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBX:PqFF2Ie+efsim2g

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3494) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\SwitchDebug.wax.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe

C:\Users\Admin\AppData\Local\Temp\43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe
"C:\Users\Admin\AppData\Local\Temp\43418275b4d9b760b119963946bf670cd40ac6c864b21e8d29faa5ddf289360c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
106KB

MD5
574777f4f736083d7962d326a3e1f36b

SHA1
c2a5b9343cf6de7b740221ee98f119263dd154df

SHA256
216c14bbd062cd597110311c70ac805e3698a14dbae5d0d28fddf6604f5567c8

SHA512
a210796a7b64334249c5fef1e0209183ccdd3ebea2c93b4664a79910e8be247569973733a2fba7f0beac81fd88732dd0eb6e8f3ca5b4eb72b0b48721082d03fa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
115KB

MD5
f95f20686f96a349a1b210ef2bde510b

SHA1
022e70d7b073cd3b344cdee7e17885987433bf66

SHA256
e10f8a3b83ee6fdf901d4694bb1b87f3a007470d970674f2b9e2bf6f3067fd65

SHA512
799b3c7f166b82ed5b7e29761dbcfe94b49c6a2288537b7e56c0f0739e753c69bd2f9bff6663d41881dbde87abb49c1282c07d4c3a2b3d22bae87651f13aeb61

Download Submit