522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 21:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
Size

76KB
MD5

8ccd501b0bcda9d47bc20f3f50d7f0ce
SHA1

4597c83b29ee194e8b290bfa6310cb812db51358
SHA256

522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7
SHA512

e919d13c34c42396495803403ec0ef3f329557de8cf6917c0b6f9e462037baa7f566e7faa753fd623453a594f9527584e3fd5637e3daaef71265fea1bf8f89df
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtb4HBZjlwGpCYnigugqOzM9bdifwMtxEwJjlVki/mN:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3507) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png.tmp	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe

C:\Users\Admin\AppData\Local\Temp\522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe
"C:\Users\Admin\AppData\Local\Temp\522e30f93c172d2d4eddbcea4d2d6f3070f01c508465ef67d110204fc64634c7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
76KB

MD5
59de31b928a98fbcc542892fe568237a

SHA1
03f6d497ba55ae484cac64f746b023ab10ea213c

SHA256
2160b2dd65b553ce7f6fd028181396828d7e4edfc8ec26b7afa4ecac6e5bd957

SHA512
7f482a1cde544fd30babce4a94600dc8114a8342cad1244e22b0676de642ff61208c58e9893d2449cf01cd3f2fd06b9ef5117460f9f353fdfef3896d2a210279

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
2bdbde13168961b5bb9b278d055720ee

SHA1
69d18bac8a69022f07ebd95eea15081eb79074d7

SHA256
7d661c747db62b792b6b2941b4f9db322ef85161e9d3a64ef7212fb65ec020ff

SHA512
2374c2b0588c92c4cf5dd96c137101fded5915dca748191451511a6fb306a89c5e04cf547e2605eb3fea14d9507ac822c2da88cd783052258a5c2729dc9c36ba

Download Submit