bb4d3122949f0de622d3d8cbc4fabd7c16c92f6a32fcd69e709117449f781668

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
Size

77KB
MD5

a0a7b0c37e61e7b9a63b4fa2bc091820
SHA1

703c16cc97564c898b9b0fceaa96dfee4dc3b711
SHA256

bb4d3122949f0de622d3d8cbc4fabd7c16c92f6a32fcd69e709117449f781668
SHA512

3d914ef362f3c771eb8b93e4c7121107e6acd7b8ab0a409b0817aa065bfb081672583412a0c620e8a864c09b3601e94a09541cbc205ecc382049822539ec6fa1
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8Ue+bCeh:Te76WQSotbCeh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3162) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\CloseExpand.ex_.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0a7b0c37e61e7b9a63b4fa2bc091820N.exe

C:\Users\Admin\AppData\Local\Temp\a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
"C:\Users\Admin\AppData\Local\Temp\a0a7b0c37e61e7b9a63b4fa2bc091820N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
77KB

MD5
ecb2a4ef6055ff2accf699cec8ecbd12

SHA1
a7d5b23c2676f8ba02d7eae60765573ab92f4866

SHA256
17506eaa82e3452e0f0b51adc31979cf313a20c99e87ad4fca80cf92d44a7a49

SHA512
66a0f0f63c5f21ca95f146ebbeadf232094dc2edd76deca785b7f4884ef1eb148df3f45bbffa863d3fa3d3dcd1bf115eafbf74e7935d3f1d2add827e2e44e366

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
41ab7d31c06c3b67b0534b7befec89f3

SHA1
f45bd2eb1bf4e11ac4a705aaa80e35cb7cc3bf30

SHA256
b734805ccaed21ceba88d0445fe962da71f462ac53636926002d983850929055

SHA512
da5efc1bf1668d395813e114cff5c77df6bf0b5f7d516eadb022ad875de0a56cbd842eb64874a99558ab4285ea3960347248e4e364ca4f9a9010ffab656f1f1c

Download Submit