583db884cc1be715a9cab3d83e3518403e880bce1caf4a04922461b64630f2b7

Analysis

max time kernel
120s
max time network
24s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30c586753957635101fb155f43f92b90N.exe
Size

43KB
MD5

30c586753957635101fb155f43f92b90
SHA1

a5c3a7f3488f84655fbc687f0fe58330d959e1c3
SHA256

583db884cc1be715a9cab3d83e3518403e880bce1caf4a04922461b64630f2b7
SHA512

8c30d826ff6ae35e13a895ef6d9a34084dea64e5a1e7005c083b0c2009bd827fa12e43d9ffdf9555bc0162c7ec5bac44be2297b6f0ee1665171aecb1bf32879f
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFXpK5c5H/a:W7ZppApBULcfpHLcfpyDA6Q

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3152) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	30c586753957635101fb155f43f92b90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	30c586753957635101fb155f43f92b90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	30c586753957635101fb155f43f92b90N.exe

C:\Users\Admin\AppData\Local\Temp\30c586753957635101fb155f43f92b90N.exe
"C:\Users\Admin\AppData\Local\Temp\30c586753957635101fb155f43f92b90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
43KB

MD5
bb63118de42092bd73fe4bd0ec52352b

SHA1
04fc8ff224ad3702717c589fb077145b1e923de0

SHA256
495e1679db8b9157edbc55ef99fd4f022ce72007a20830677ec52dd492272831

SHA512
ffe102c862c1a6237e7acdd6ba23c762f61517ddda7413c331dc9787291ddab0858e52fe8ac347cc751310a5ed9075a2b725d417ee507dff33640e0f2f858876

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
1147dd2010818e54cbc49833c4878598

SHA1
dec1bfe5ad3a7bc672b2300b33b35ff92fbf359a

SHA256
18e2a10e7756fae42b0c1c72c477f672729273def0e2167364f2cd5c869afd86

SHA512
62f04d67d83a96f76b47cf227000ad9faeba3ff9747919c39a8d7fcc2e35efe8d9aa93b36abe050fede15fa259b410fb0d269b498f3e85b80b6096e12d4b3a96

Download Submit