5d907bcf628adbadb6513d5a18cff9dcc289079f215653d25cf19086b0f736b7

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a0c712875be410b77e0d6f24b83f630N.exe
Size

94KB
MD5

7a0c712875be410b77e0d6f24b83f630
SHA1

1496d5a2280d3d7d0431f85421dc2fdc1f635279
SHA256

5d907bcf628adbadb6513d5a18cff9dcc289079f215653d25cf19086b0f736b7
SHA512

16d4f0dcd2c1c2f9cc229f0efce9c1eef329fe4ba3e9cce52d97385894484ad6a7476de4d295d1813f2cf9327d2854c31e8867c14dd4e50ee1cae982b1b7402b
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhi:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs7

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3146) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	7a0c712875be410b77e0d6f24b83f630N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	7a0c712875be410b77e0d6f24b83f630N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7a0c712875be410b77e0d6f24b83f630N.exe

C:\Users\Admin\AppData\Local\Temp\7a0c712875be410b77e0d6f24b83f630N.exe
"C:\Users\Admin\AppData\Local\Temp\7a0c712875be410b77e0d6f24b83f630N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
94KB

MD5
1d90aa61f79234b0bea8e70265503149

SHA1
38cbfcc82fd093d9bef18f8cdcb5eebb0070fe61

SHA256
666338acefd93d98463bf4faba90f0841cd1f9fa288c3c03c2b019871dd63d3e

SHA512
23f708c7280948e99048874ae2f25d88b6763e8831d01b9a77b823973e1749107d7171614d775a4ce784854d1edfbda832ff2cbffe0c6970ea4e29070da39631

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
93a8942edb6d399ac4aa4ee57170cad6

SHA1
8b708c0611d8a10a0094916c667fb74f14e4e778

SHA256
9278dacab8603ed6cbc37e29fce4c7afaa880174bd612b1108cad7cf7b241582

SHA512
e03fda803f61d6c7c71b94e1a6878fe70a08a5ea0e489c655ca29f4563d18b50a53bb767994a51740300774760e313617deb02d4ed4e3b5b65a4fe33a86bb2a2

Download Submit