6cb4757c063db4636535a82f7cc41d7871e4019f949d2139377127e651801f53

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e7d8258c892f4e0fd5578b033567e20N.exe
Size

204KB
MD5

7e7d8258c892f4e0fd5578b033567e20
SHA1

e399e1e7926aea6032d3f3e0bfa2d0e11adc2450
SHA256

6cb4757c063db4636535a82f7cc41d7871e4019f949d2139377127e651801f53
SHA512

7911098f298cc352bd2aa4776337ce270849c3904647bd062c1f4eb8d5d00b25ac7f4d86432222e868c67f25c1602d7d1d027ace56b655cfe02fbb942e6a98be
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzky:RqKB+tOkWKR0iJ0lTzky

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	7e7d8258c892f4e0fd5578b033567e20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e7d8258c892f4e0fd5578b033567e20N.exe

C:\Users\Admin\AppData\Local\Temp\7e7d8258c892f4e0fd5578b033567e20N.exe
"C:\Users\Admin\AppData\Local\Temp\7e7d8258c892f4e0fd5578b033567e20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
204KB

MD5
2ea79416062c77bc8dd2a1d38b25c7cf

SHA1
329314c008a31f4a0170f251315aa27c86d37d96

SHA256
34862dfc1dd78367e962d289b0c1c34637572846414e12f1ce6ea11ba9345251

SHA512
fb43e7a6f0f425e3f0c7b7b6fb6a1256e4b3b9c318779c5cf93eb3e6de832e36c927f287242eea6e91b31c6940e52bdc6535d0f4612ee2519fc571ccb5cb5d5e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
213KB

MD5
e426ce0ff4d8a3819213975dbcf2abf6

SHA1
af998f3e762dbaea32ac8d47f4c8ca939e497b2c

SHA256
4c8ae5bf6a183c90bc1a8acafdae549c51bc921bb091965fa356b3d7aa87d405

SHA512
634c7a82a5cf00b664672d9fbb4c5705fdf45e3fb5ee5788368d0f013c7a81e052982addc55ea5cabd35667a445794872d007831e47f6f68f94d27f19eedb830

Download Submit