878fe172d9b008ea4dffc42f74955edbc8cc357e5c6ee933d80077d001754b32

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35943ab5907808d8bfba07bfe6d3f070N.exe
Size

85KB
MD5

35943ab5907808d8bfba07bfe6d3f070
SHA1

62e7e083112e5691d4216eb53a9439738bfc0910
SHA256

878fe172d9b008ea4dffc42f74955edbc8cc357e5c6ee933d80077d001754b32
SHA512

50a483a652cd5111060f76848021696b4629c9c9f160a28ab6afc4b11e0629fc760cee94c188836b90933d6bbf417ded4feeab988b0627fe52916e7705720654
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSskCIWIm:6e7WpP9oVLQthbYY9oVLQthbUvRIWIm

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2963) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\ApproveGrant.htm.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\UnblockRequest.mp4.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	35943ab5907808d8bfba07bfe6d3f070N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	35943ab5907808d8bfba07bfe6d3f070N.exe

C:\Users\Admin\AppData\Local\Temp\35943ab5907808d8bfba07bfe6d3f070N.exe
"C:\Users\Admin\AppData\Local\Temp\35943ab5907808d8bfba07bfe6d3f070N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
85KB

MD5
a10396d55377e0c1568afd918d2b98d5

SHA1
45ad6d544a3a5833c9f1132af03626fe0a489be2

SHA256
28171f2b24e4d723587dc3418f84441b28f61c02e3c1bcb3b5c8c8814d2d4a78

SHA512
f893e209ccb8e0a96c3a501d18b885ac7c380cd9d11d9128de457050449ebeab667323591df0924989d75e111e3e0753de5e8399bd9d0a556c07847862ace032

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
bb4cd70f32e08d083240e535bf73b122

SHA1
63953e40188bff9b19121b3755f23300d5e9a1f4

SHA256
1e5682ed05503dfdbbc49023df8584f385afcf797fbcbf179b06a3aa58c965a3

SHA512
f7e4d665f60d2e411236a595ab97e1f98a806600239b7fee5865afa76b0bb1ab070934c3d9d48129a5d987fd15c21148245b85057932cf52869341c22963203c

Download Submit