b514d69b28f098875e1f8525cd9a5a8dd05760f81637843a579349e4524c4c54

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c8085e8aad444fbc20b535ed4e63730N.exe
Size

38KB
MD5

1c8085e8aad444fbc20b535ed4e63730
SHA1

2827c99d63322322fbad90f0123d5efba5fbacc8
SHA256

b514d69b28f098875e1f8525cd9a5a8dd05760f81637843a579349e4524c4c54
SHA512

89d3723cba0c40cad42d7f9b44710f03732ee96230f20bf64ce8fe1c5834a873d231e2cca30041dc613ae9193f1318313045ebdd386b42b33814d99906742799
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpAfxRfxX:W7ZppApBULcfpHLcfpAfxRfxX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3241) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	1c8085e8aad444fbc20b535ed4e63730N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c8085e8aad444fbc20b535ed4e63730N.exe

C:\Users\Admin\AppData\Local\Temp\1c8085e8aad444fbc20b535ed4e63730N.exe
"C:\Users\Admin\AppData\Local\Temp\1c8085e8aad444fbc20b535ed4e63730N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
39KB

MD5
8e316cf600fb564718e4c7c77a376291

SHA1
b10a274ba2d9abdbe8dd0133668cad5fe5c56b1a

SHA256
baa56afe955afedae242fc126f8090c1b77531d8a4b02025951be2fa3a9e6114

SHA512
df52499c9736199bdfd42a02c1ba346cb62f0e12f177b0ba40614ca389e70b5269dadf7ce9ebfc02eee5095b554a437a78f214826570d81ca146941687544a87

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
0f048b2bbf8483b8fafe84bd6195160d

SHA1
b0ed43ee423162f2fc3bce01957f502cf014a04e

SHA256
481bf0b94f33ba60f59bee80d532a399ca2b33436c5d787607d2f9b59585fd51

SHA512
86bec9010662022e98b0500a2d46e361b3f1875fba006c9fbf689b7a8ab376d226c19eb1de7013d3aa368a9c9df320ae335c3c5e09eb111f6fec3bfa02d50789

Download Submit