0e5f31d7a352737e8bf766043555ffb4b994cfa9964db302299cad7a487d79c0

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5690691bbf0f7b2c1b61e84948b0660N.exe
Size

44KB
MD5

d5690691bbf0f7b2c1b61e84948b0660
SHA1

2ec0daf62c4cea8e4817c3b34c3c3704e37d5d1d
SHA256

0e5f31d7a352737e8bf766043555ffb4b994cfa9964db302299cad7a487d79c0
SHA512

ee09393b17a33f73ed46c75c0e5ccdae579b01bc6b480e0691ed211d95fdbe6c3b62ed3b806c8b9a3270c8842b0718270f8080cdf6054ca95adadc26551d0958
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k8QQ4NQ4r:W7ZppApkGpJQQ4NQ4r

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3271) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	d5690691bbf0f7b2c1b61e84948b0660N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d5690691bbf0f7b2c1b61e84948b0660N.exe

C:\Users\Admin\AppData\Local\Temp\d5690691bbf0f7b2c1b61e84948b0660N.exe
"C:\Users\Admin\AppData\Local\Temp\d5690691bbf0f7b2c1b61e84948b0660N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
44KB

MD5
e333a09a6e8274b2b8de8dee1a887958

SHA1
1cde10bbed8cd885f21f13ec71cec2b6c638fd54

SHA256
366cc51c7c9aa52198e1cf0cb2540e2cafcd8f1f7affa110b6e73d4a8611e7bf

SHA512
e17d4fe144e66fa3e7f4511104a0be5a0bb3f8bf4acb178e3cec2fed5c2e63e59bcc1be1733df75eb8be5c13a7cb3003ca276ee80a55a0f5606b5dd489781c8e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
bc428af585c6b4391f008a38f2569101

SHA1
a20198307b6e4129a7a0e53871c14c5dadcf2e9d

SHA256
2ae5a0606826fdc73719acb539a5451ce5ca31a6d69293abbeebe0b22d2506e6

SHA512
5c01de580a4bdbc3fddbd8a0f2276411058843140543484fbb30dfa36001bf37af18f15d14bf2badf21b1416ba2636a66495b12b7363aa19babd138dc289ed6e

Download Submit