93b3dfeae526ce535c6ba73ea064117614c6305a9b2452585bd0e24e59147f90

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f59194089f7ba71d020afc2e378f7c00N.exe
Size

42KB
MD5

f59194089f7ba71d020afc2e378f7c00
SHA1

b26969be2f7f4874cd27d549ff5ef0c840560f93
SHA256

93b3dfeae526ce535c6ba73ea064117614c6305a9b2452585bd0e24e59147f90
SHA512

f128f90fd7a75d5c25f33e1a9f6078fa8352c57a0c22a85c3a7064f4ba0fef52823e4e7a8674f3d6e85a30e291937cb1b003606b7930250c5dd04f2db36b7695
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpXfxRfxFHtHR:W7ZppApBULcfpHLcfpXfxRfxFNx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3292) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	f59194089f7ba71d020afc2e378f7c00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	f59194089f7ba71d020afc2e378f7c00N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f59194089f7ba71d020afc2e378f7c00N.exe

C:\Users\Admin\AppData\Local\Temp\f59194089f7ba71d020afc2e378f7c00N.exe
"C:\Users\Admin\AppData\Local\Temp\f59194089f7ba71d020afc2e378f7c00N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
42KB

MD5
c06c722fc8269155d37027e460599b75

SHA1
12844db59de7b5e54ea4bdc7aff4e4a14c94abd5

SHA256
321f284e1934d441bcf67d38bf8a3b2af3c42507d7bbe659b7fe9b5995260783

SHA512
833e81d4221fccc4faecba33df7fbe7bca773e62acadee39b71525d4cb5669aa3c3bd571eacdd63508e46548337bafc0e21807c7bd468d0ec7f64313c5938675

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
f77aa361eb3ed4e9a682e7931b2788ca

SHA1
064706be6f0198f503bba3564fd3491932235b12

SHA256
4b1467c6d5f823e54db8203682c7cb9f9945777c94b8f09c2df4190e80e32d0f

SHA512
02ceb83d1e0f05a42e829c79ef145ad66366647257f76193102b36dbbf2d08ec45c335821dc413a71dd81bb429b6cc054973995c65c2a11360bc94bf290bd4dc

Download Submit