e72f0bde01e5720b690657e7eb381ac688f2c272435ee72c00e3ab2e65ba464e

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 01:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
Size

46KB
MD5

4dc0ceeedbe8435d3eba58eaff44d5f0
SHA1

62560f8f71dd109b5e69d7f400e1ff34c39f88c2
SHA256

e72f0bde01e5720b690657e7eb381ac688f2c272435ee72c00e3ab2e65ba464e
SHA512

afa215a4eed98cbcc2a85c351b0b54f086e9e6901c080f7973034a5e5354b35ff979f747759726acbf6d2e9741d88bc6cda8970cfbdbdebbc6e329745e4931c6
SSDEEP

768:W7BlphA7pARFbhL801VvM801VvcR2+lJtZ2+lJtSs6:W7ZhA7pApw03vR03vcltdtSs6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3291) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dc0ceeedbe8435d3eba58eaff44d5f0N.exe

C:\Users\Admin\AppData\Local\Temp\4dc0ceeedbe8435d3eba58eaff44d5f0N.exe
"C:\Users\Admin\AppData\Local\Temp\4dc0ceeedbe8435d3eba58eaff44d5f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
46KB

MD5
11a6ddf008a8bb665407f9da046ea37a

SHA1
f26d97a411d3fbe73330e132dc63983c5223589a

SHA256
26bb33649a9566f8b04c4b29917392741508f849b5ecc2cc44631460cb84b9e4

SHA512
259b605056a0e3c75b68f03c7fc0485d36141776d14fa031e06b2bcdbab93d1690f1e59d143f52c815b3253594f7b7c40e44818dbf7834f14f190b7cfd3559e2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
98cbc5d1bf9aa1654567ea1430d68490

SHA1
d45fa3d3b85329c035d5bd9b64fa6eff0a21988e

SHA256
ff3e5dfba8a77ea23d60cf2daa84076b32d8995b975a7830312033cb8cec41bd

SHA512
ece1deaa4fcfbaad6b149bd2549111b5eff1038c06202563dd2c23168b6044c1b43a8889232b1c352b41120dba17e3959aa619f6d7b72c25a7fb528269e1c49a

Download Submit