bcb451c9e811729e507299c2a53e7e6d45d239db8c90fa6f5b726dd77ed2e917

Analysis

max time kernel
96s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 23:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

529799d889485bfd62f0ca77e9c036a0N.exe
Size

94KB
MD5

529799d889485bfd62f0ca77e9c036a0
SHA1

0eeb93298f321d2acfdbd5775c46eb08dc8cc314
SHA256

bcb451c9e811729e507299c2a53e7e6d45d239db8c90fa6f5b726dd77ed2e917
SHA512

cff40078aae58565363c435286598d81ea07a3d97dd9edb37a9812a29cf344afd598c48093fa87746709f69018bb01201026d3400791fe294b2f252476767a77
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShZQ4PN54PNwYHB10YHB1a:6DWp4W6YHB10YHB1a

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2639) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	529799d889485bfd62f0ca77e9c036a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	529799d889485bfd62f0ca77e9c036a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	529799d889485bfd62f0ca77e9c036a0N.exe

C:\Users\Admin\AppData\Local\Temp\529799d889485bfd62f0ca77e9c036a0N.exe
"C:\Users\Admin\AppData\Local\Temp\529799d889485bfd62f0ca77e9c036a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
94KB

MD5
2b6f242508de17d121b9a3f6dd904818

SHA1
1f8d85f81ee0f0fd2919e54d6a609c33c4e5f2e9

SHA256
e8dc4fdec2d3fb7229249ad0f9764a6cdefabf8b8e9d872aa2ff79384cf419d4

SHA512
0e8f9727b71039378943d9cdf3506967e5031faa9aa0d9c7bfe6dd3281a0cbaf33c4a879fab5ed5c37d3f6575351051287a4a7eb178cc29735546164e89165cc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
49aa061d80b965026c76930b113e1ca3

SHA1
a55f3e7978df8fe3656149a020112981a2329081

SHA256
0bae55a20a80e3ec08b94d6c4f3911c1e231dd56399428d502d93d21000cc445

SHA512
7f2ef687263cf68419af9af0f04be1127c955eadee4a9476bf7def39f947b93450fa74bf4db5138a5c56d90dbeb6588ec660576536a86d574f3134c9f9b5b777

Download Submit