5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
Size

45KB
MD5

1396cb40b43da85a63c40a878de5e731
SHA1

78b713f0f77b9c4099dda6869c444c1ea42787e9
SHA256

5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af
SHA512

4e74cd552d5b68db20f52092b53b261c525d6a2ae329fe7d338cb421ebe49212f0a4162c7724a7f16880200ea37c4e93e8b13d50039645ab49a6bf128deab83c
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLkEQZqa:W7ZppApBULcfpHLcfpyDLqa

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3811) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipBand.dll.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\init.js.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe

C:\Users\Admin\AppData\Local\Temp\5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe
"C:\Users\Admin\AppData\Local\Temp\5de4aa487c42147fbfe6f38756464fa2415cd861e1d936182f705c65443b16af.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
45KB

MD5
47fdaa567b1ce1a78898e312cbf61d7a

SHA1
1fe56c58e19b5c70ec472cb8d113686a5a05c24f

SHA256
b7b5e8866781f37cab4e33e71ee045ee91b4b62f6b14e0a55371e11ea917f738

SHA512
896cf1783bd4a6f587178322f7816275f39712aaff81716565679710dcc66585536172aaa6be53cd06a4912b11f3559465feccaec2c562c62e58cd2082844bc7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
33387be8e1ffb38d58e07c0ff621061a

SHA1
560186b472a82a4998399493e61ead393920d178

SHA256
02492a67563572dd54af04a932da373b1e72a1bb32ea3beb9503e7776674d081

SHA512
10bc4215d3361bfc6bd7f2f099dadab93399141e336eea8994385c1adbbdc13e536fcff7f001ec0e09bda0e446ef0666bd93df6f2d4a64a9d19e090c2ebbb8ac

Download Submit