333d024a7481e9d9d680024f11438793af72ce15f3610b4a2a0fa06c69764230

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47672a3027fcb41ef3b1049149ac4f40N.exe
Size

101KB
MD5

47672a3027fcb41ef3b1049149ac4f40
SHA1

fe2400d176849da223bfb17ab070e1eb37d7936b
SHA256

333d024a7481e9d9d680024f11438793af72ce15f3610b4a2a0fa06c69764230
SHA512

b383d5d4fbed343f7c9e6d723c018baaca77b10b35b05d060cb2bdc6a767a418023d1be6949413c92f79af873223e3589336fb82855b9f7df55630c03193a4f3
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFpsJOfFpsJ6XO:RqKvb0CYJ973e+eKZ8

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2920) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	47672a3027fcb41ef3b1049149ac4f40N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	47672a3027fcb41ef3b1049149ac4f40N.exe

C:\Users\Admin\AppData\Local\Temp\47672a3027fcb41ef3b1049149ac4f40N.exe
"C:\Users\Admin\AppData\Local\Temp\47672a3027fcb41ef3b1049149ac4f40N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
102KB

MD5
18edc51d2e9a863869ddb98bb0610710

SHA1
6f253029715ffc30d1ee26472ddbf0ccad5e1225

SHA256
cabc6bee6c6f498877ad6f35b2a3efa471967dfacb2ce3d323fafcfe0c853ce9

SHA512
f971cc4e53fe414002a3ac8d0a70dc614f356e14767fe747c2d76a6b5ccdacf5ecbbe268dd7d8d184098078ed83a8c70253dfe13d1939883f3acecddad532554

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
02f335e2bf7e0c703a9c0eb38ccf8104

SHA1
dfcf8513bf6356a143edd54e9e40888fb9019a0e

SHA256
3b3149a4e56eea4b5454cac327f995c1c4fb574f36c72c66d04326c0e909b807

SHA512
cc518c23d723c05b860b0aa02701f630e82b3ca6dc35bdf785b5f3979e08f150fe1675d28ca443024921db625f5ce29ccade9124d647658df61e7e0b42efe7df

Download Submit