20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 19:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
Size

57KB
MD5

b5281bf630dff3b785269edc11af53e6
SHA1

bd079580549391b7b969d788ecefd013681c3cac
SHA256

20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba
SHA512

6952f5f230aab271c411e41106c20c40c8ff827b3e596343c5c99bd12ccc329293294615c932ed2ad2b8e3bc8f4c4e8df86d5f43717c9570b4a55455e10f89dd
SSDEEP

768:/7BlpQpARFbhq1KX101GI67I7gmdGwmdGN:/7ZQpApq1KqgmdGwmdGN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3754) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipBand.dll.mui.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\HLS.api.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe

C:\Users\Admin\AppData\Local\Temp\20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
"C:\Users\Admin\AppData\Local\Temp\20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
57KB

MD5
a9ae4e3cc6ba2da601b3addc4d9be844

SHA1
c3543b9f98b5eccd26de16eceb131b8831342f69

SHA256
826937b3f168d8cd3f9f59bf4d841c128d1a8afc7db6b0f051905d9946b12ef3

SHA512
1ddcb024a939916d57a0f4f540ea402947f9a74fad5cf69da3fea809253d5d2d7a93581344f428c07c8f718e19444706553d9abcd2f6b47fcefe64e1d2ab8439

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
ef905b9ebbe2c92e6e779c115789325d

SHA1
160e28e2fd7711fa2414794903c1cc83e2f93300

SHA256
a872461157ff7144bfa97228c094a80656c5b7d811206368cc8000e357c9cb41

SHA512
a9e6d27e9116a9d3e7b7e09431da44454a3116be076d771bad9dceea5d6f0c1eefe1f8163cfb5a368d5f96c69dd1ccc560e7f0a7ab7026b1e0eebf9f0c706b93

Download Submit
memory/2148-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2148-72-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download