c258c754a3982aaeb29a5aa779616cca56728f368b09b2ace6725e575072654b

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b47583e194ad2419ac76a8f63bdf000N.exe
Size

60KB
MD5

7b47583e194ad2419ac76a8f63bdf000
SHA1

f640f6f457cc3d0d3be6255befcc1f25afe53f57
SHA256

c258c754a3982aaeb29a5aa779616cca56728f368b09b2ace6725e575072654b
SHA512

633b880fac75097668a36a3a4cc9de8e61812157af0e621c09611770e78037e985b5f8a2ae906bb7ce2058eebb84945c14141c2e831d472690877e58c33b6f9d
SSDEEP

768:/7BlpQpARFbhfUnUNRawAlW1VkRawAlW1V4T7mJr:/7ZQpApfWELkL4T7O

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\UnregisterCompress.pptx.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\UnregisterExport.dwg.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	7b47583e194ad2419ac76a8f63bdf000N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b47583e194ad2419ac76a8f63bdf000N.exe

C:\Users\Admin\AppData\Local\Temp\7b47583e194ad2419ac76a8f63bdf000N.exe
"C:\Users\Admin\AppData\Local\Temp\7b47583e194ad2419ac76a8f63bdf000N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
60KB

MD5
1fcaa48fa217c5d62acf431d6461ad12

SHA1
92f3541257e24ba28afa33216ac6a2e9cb99333c

SHA256
a6ecf6111445bfb2fdeac44df6e76a220d6596865d4f753b37a8a99e62b771e6

SHA512
078c7ed5aa79cdcd6531fe49c711e073f3f0b0003582555d96a4dfba8b55c7bfbb433cf9bb4ed6854383e79fd79d3d8aae42d3e0ff22c421338cd8232194dc31

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
69KB

MD5
8febfe6c7759088afa4abd971508945c

SHA1
b2417101fbd4ac8f2aa6d0046ffe5394deb2bd03

SHA256
60de610b9840fb47e4e788dd08664943a3245d201d38674cdabb295579e5d021

SHA512
a557f2ab18f1b3f8eca2f8806b37648c254174bd2a7fc34b8ce55db3719cf017b0730ce562ead87019d1d2f58110d9a153a41dab0067d0d4575d52211daf59bb

Download Submit
memory/1316-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1316-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download