e30373da8e4bfff25a14316692d0c67c0e37e974eb8e05dcc73a5aa020354d96

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 00:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92756167b95b894dbe6a689d4a1f5c50N.exe
Size

47KB
MD5

92756167b95b894dbe6a689d4a1f5c50
SHA1

c8f3e3d262e1e18dd642e29a65dfa317799e5956
SHA256

e30373da8e4bfff25a14316692d0c67c0e37e974eb8e05dcc73a5aa020354d96
SHA512

e1da9367af35829b1d587e58d3df3709b37653938d307c47a5fdd5be41b1ca3852d0ca929274146160e1256262e43678ae798b14d3e962b1edee23c2fd3d7c15
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7cYl7+obSfxDsT7+obSfxDso:W7ZhA7pApw03vR03v4YV+obSfxDsH+oS

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3276) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	92756167b95b894dbe6a689d4a1f5c50N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	92756167b95b894dbe6a689d4a1f5c50N.exe

C:\Users\Admin\AppData\Local\Temp\92756167b95b894dbe6a689d4a1f5c50N.exe
"C:\Users\Admin\AppData\Local\Temp\92756167b95b894dbe6a689d4a1f5c50N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
48KB

MD5
bd949f92c75b0909be373be9c98610f7

SHA1
2170d859ea1eb4b6a9e2082462e3dcfef08b60cd

SHA256
2b38ed9b1763955c5dcac82c64f49355bc4b0bd687ccf5d1429c78a0d51b3f38

SHA512
ffbbb483f937e94fe9d30e563bb4e4b705a62446e81ca141d216e242255f59acd7e727cbaab84d18706e31b9ca460ef74d5d0e19322125bf41cdfe946c068f3f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
d6bdaf57a3c086da2538ad8493928197

SHA1
ac8f0aa3e1b7a01b60d2c55719a16cbc146349fb

SHA256
e76997845ee483f4a0c5cbf6754aa08234c5e54b79e1e7f8b76b57aeee692b03

SHA512
ffa118e43a69c053ca789edbde8df013f7c7a025f6e2698988422191bf3db690ee2d9647638582b363fb116eae43385eb46704665537a067325d425840971320

Download Submit