7d8a234f8e1d2dd6fe3ef63e66c40bd2dd4ba2d5e6f4a396e3f87b9e68413dd8

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

737b7c06f4b3863ce91098b891584a70N.exe
Size

63KB
MD5

737b7c06f4b3863ce91098b891584a70
SHA1

dbdd00db8b406d5ed0909d48167182c0b2937212
SHA256

7d8a234f8e1d2dd6fe3ef63e66c40bd2dd4ba2d5e6f4a396e3f87b9e68413dd8
SHA512

57ea4580ab26a253e05dc02b7f0737ba8bcfb9102d90c8eaf2d08bf0ab0ca70776457e37e0cfc0aadefd7d6954c6e266a4f6b4980f9307c7f23038e6f1d4579c
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/EZNaLmq:W7ZppApBULcfpHLcfpX2/Nw/NwmxLTW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3167) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\EditSearch.m1v.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	737b7c06f4b3863ce91098b891584a70N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	737b7c06f4b3863ce91098b891584a70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	737b7c06f4b3863ce91098b891584a70N.exe

C:\Users\Admin\AppData\Local\Temp\737b7c06f4b3863ce91098b891584a70N.exe
"C:\Users\Admin\AppData\Local\Temp\737b7c06f4b3863ce91098b891584a70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
64KB

MD5
3c3f3dbb8373fabb532e88b4c1000bd4

SHA1
808391fc108a9e9697839e6563786cd0ab6098a1

SHA256
4b4b9ddffedd3bc6b94408166dd2a142ae8fcc12321f8c6aadb1b9e1c4b30fde

SHA512
dd47c6f5d77ce46f26a2670aeed66efe900f1e1a3ecb48f281e86721bd083601b3666ec054e241f188a6b3cf75711aeb384de36231bbb93010b77583a0caa074

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
2b61339c74794400a74f55831e513ae4

SHA1
eff0cf251d3b896fa26fcce6ecce0fbdda9b0e50

SHA256
b2370d4310493a91b26fa457c7ffdae09f7158d8670f0b2f8a6c21fbb3f73515

SHA512
27e285c31368799c460269f7ac686aee08aa16b39535fadc8cef638a194f311d0fc53107c2885913ef6cc98456691a927cbb87ba5b6650adf243f82447268700

Download Submit