baca7b9c0950da164aaaad9057de815259945f756e070effcfbebd9805458c64

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c70170e48569d4f33516731b049fec40N.exe
Size

44KB
MD5

c70170e48569d4f33516731b049fec40
SHA1

d1150acb0a2ebf7b5eaac52bb22e3f106f5bda6c
SHA256

baca7b9c0950da164aaaad9057de815259945f756e070effcfbebd9805458c64
SHA512

d517f9225d2ccd3c8e3346b357f658f80934d72b94664761274cebdc69b2cb1ab440d916ef3c3e2d180f68e71603ff7fcd64195553a92f85c59021c8cdb9adaf
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJilqGelqGjFS:/7BlpQpARFbhq1KtGFGjFS

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3374) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	c70170e48569d4f33516731b049fec40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	c70170e48569d4f33516731b049fec40N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c70170e48569d4f33516731b049fec40N.exe

C:\Users\Admin\AppData\Local\Temp\c70170e48569d4f33516731b049fec40N.exe
"C:\Users\Admin\AppData\Local\Temp\c70170e48569d4f33516731b049fec40N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
45KB

MD5
14616fdfcbb650bd82d68d35922913b2

SHA1
da2990f6b002f90fb44efae354be6af53bd6dc06

SHA256
053156aaa7debf8b89c3a50295c28223cd3352ae8ce699ddf94dd378d0da7827

SHA512
1c87ac79e0e7ee5dfd20cd7b341f1cd5a767a45fd7bdb95ba9f2c5cd5abf5e2636645d15f9c306ad45c03b2b215f8e95348787b1798a1eb376dd40097ee268a3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
07b2c2990d2ff81c31ac2302b9bd8a82

SHA1
46c20d84879d821a21d8ae5dcc29f61423977f40

SHA256
59fb8b72634c8a31f6d1fc4742b6bec18c4c9ac5ebe8744e313cf95f3d27828d

SHA512
c66d53b0dfd7160d9b87bb5792b83fc8ec203ba481fb869b0ad457793c6337903e8178f170db6568680457d079008f9c25e5e8075874fb841fbbdd1696dd4df9

Download Submit
memory/2348-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2348-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download