2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
Size

74KB
MD5

f4c00f4120cdb980ad95667da3ed93d5
SHA1

8a66440ed6c10fb7eb09ebd7a65e10f1eeadb09e
SHA256

2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845
SHA512

4453c975a43af7511159843471f2dbc766d211a374b63da340b85b714367cb5bf880f31cff09caa652630c0079a26d86fc1e58d28ee6396a99e7e1eee0feed3b
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEa:/7ZQpApze+eJfFpsJOfFpsJ5DieQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3644) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\ExportFind.rtf.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe

C:\Users\Admin\AppData\Local\Temp\2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe
"C:\Users\Admin\AppData\Local\Temp\2448e90045d8872f02dd157885e3332da27c67fe076d2765fccaeed064245845.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
74KB

MD5
80f3b9ef9e8d743bf3bfb6c641b0430f

SHA1
241a9af1ed71ac278462b904aad351df59d88e81

SHA256
bf18602e1fa06177a9eca2859b346f86b00b61f9d3b00fda3dc44bf21fc14bb6

SHA512
dadbace3917437b2571fc92abd37cd32e8fac36eaabc33599e728b6db83f720b5df32c9094c643d49da9e8d181ee3fa6fb8d49257fcaa3b7f7db26e6c48d97ac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
c851e0df8d604995d8f555bef1f56cf6

SHA1
4d2206c96caa50d8f5955895e829207e84e2d1ce

SHA256
3b3d58dd441e731408ff98a2de1639eed877eb5c084a3b11847cd0da135f9893

SHA512
162736a7e824a5e96d7e267f16e2c82df215d5309fffae5301ff7e58a994cd7f67c83183ab112b8e8e549b24aae4205b38dafda63ff9f11b6a60b78392581b0d

Download Submit
memory/2340-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2340-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download