bf6548a9cb27fa54cf28cc9518b35910471b2e7dfc437be5375144d88e92c03f

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5cda7b1a3257f9ddff347fa53289820N.exe
Size

42KB
MD5

a5cda7b1a3257f9ddff347fa53289820
SHA1

70c2b924e5d312f30e064a83eb66bd37f626997b
SHA256

bf6548a9cb27fa54cf28cc9518b35910471b2e7dfc437be5375144d88e92c03f
SHA512

6db19d8fdfd801df961b5211b6d95bac0c64cf22d69f4c9c7fb23a512c377ed2325221c5cdd861548b39ca9a7116ff38c32d2b4e7d8d9686efd277d17ec06e53
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpdjS101bIR:W7ZppApBULcfpHLcfp+

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3277) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\MoveUpdate.MOD.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\PushClear.htm.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	a5cda7b1a3257f9ddff347fa53289820N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a5cda7b1a3257f9ddff347fa53289820N.exe

C:\Users\Admin\AppData\Local\Temp\a5cda7b1a3257f9ddff347fa53289820N.exe
"C:\Users\Admin\AppData\Local\Temp\a5cda7b1a3257f9ddff347fa53289820N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
43KB

MD5
52ac2a6de1117489d665331335a04b06

SHA1
6c6bb02fb1d07e763c68120a2d43b511485107f5

SHA256
3a48ce95318ad9dc89a1219ad280418c58cc6d3fd30655fb516f8787fd147ad5

SHA512
ccddcc87e296e611a6a5ad66ec4935ffd279a42dc29c058852ddd90959103a3653c52ed5a12555344745ed0e5d6334348aee7d58ae4745a3ce311108561a2099

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
9c451f5b5125d963ac06ee97bef4aad5

SHA1
d3ed3942957de36124bd4143be0b9a941da22864

SHA256
6bd3588c49c67f3cab4989dfe3df13dbbc993a3b932dd27cbcb2db738461b2e0

SHA512
d3376dc4cb517c17c316ddb3c06cd0f9ac1829da94a180e224d15c8837af14724617918c68239ab67ee9912f39f36be5760df113df4e3c67d7655a1c981e38e0

Download Submit