26870c6084ac096243f219778d506884a53a2952e48ad119222e45b9dafeaf21

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 18:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82a620f5b49347b05c42f36f3a62d580N.exe
Size

94KB
MD5

82a620f5b49347b05c42f36f3a62d580
SHA1

3199a2be46a01568d82a63e95e5c2afdea79ff1c
SHA256

26870c6084ac096243f219778d506884a53a2952e48ad119222e45b9dafeaf21
SHA512

93c0c2b4be6c0a689060c716eda5da8f9ea04820708923dddf554d7a9a024b8fd2315fd76fa631c4c4351cfcabb96f0a761976e99e31b11cefc31f27168a9ecc
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWujodsodaNovTW+SPL+cycWAF689ilYp/Dop/DG:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9f

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2876) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\LockImport.asf.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\SelectRemove.aifc.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	82a620f5b49347b05c42f36f3a62d580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	82a620f5b49347b05c42f36f3a62d580N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	82a620f5b49347b05c42f36f3a62d580N.exe

C:\Users\Admin\AppData\Local\Temp\82a620f5b49347b05c42f36f3a62d580N.exe
"C:\Users\Admin\AppData\Local\Temp\82a620f5b49347b05c42f36f3a62d580N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
95KB

MD5
698093958e35a73597d3823f8ac64326

SHA1
0492f2be839cdb7bc095f62753b0d0eb6ea53762

SHA256
3d99e9cc04c27e7eb2c8cbf0fa302d4b548d0fa9401e348256261599a0d3cfdf

SHA512
19e3f2b6d28d447c4bbc08fa2d5807ab195edd9c3aed0ae7ccac905f55642567c44bddbc0692dc30722a112445334ec584da015b6390c1d1ff4c300040d53ac8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
5c3673a46887902ed5ef75f6e5769b08

SHA1
e11454cd47237064951a367e8ef17d2bf1840bfc

SHA256
f7a8b14bfcd7117f638c32f3f915ebe4d27e1713a9102169678977ee960971bf

SHA512
0cbe7ccadeb2725a663597237ecb4113fcbe9de5f6d9f391b2422edb46185e4af337ec0806fb68429b0c1a50b28a98393ff54e020aee953b73004371fcdc920e

Download Submit