7d49f6c83e847e373bbe0d7be1d3bf06d92a39d4bebb0fc3cb086d05b9da9ebd

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03cdd68e3edc02d2ffdc842c8f911b70N.exe
Size

41KB
MD5

03cdd68e3edc02d2ffdc842c8f911b70
SHA1

8f03f14ba5c03203eba83848c693afc03dfe290b
SHA256

7d49f6c83e847e373bbe0d7be1d3bf06d92a39d4bebb0fc3cb086d05b9da9ebd
SHA512

0131fc3b76012d0fc191c7de67aba1fb8d5af374ebd632a70a1187739e6224780b60fe33207200fa93018e1f641e3bbead1c97782f83b26a603e298d803ce21b
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c53hmb:W7ZhA7pApM21LOA1LOrtkpt6ub

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1027) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	03cdd68e3edc02d2ffdc842c8f911b70N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	03cdd68e3edc02d2ffdc842c8f911b70N.exe

C:\Users\Admin\AppData\Local\Temp\03cdd68e3edc02d2ffdc842c8f911b70N.exe
"C:\Users\Admin\AppData\Local\Temp\03cdd68e3edc02d2ffdc842c8f911b70N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
41KB

MD5
b76b196743f9ac3268f4be948260d8a9

SHA1
abbdb0189849cedf55dcf4b1a2a6432884611e84

SHA256
8c60ea3d97a997606f30aa1f2770007446764a04702fa60d14002cc6f06ad307

SHA512
f2a5718e1563412df75b9e66bc0d217108c3694c9eb282480bb41c450a6249a362817e560dab6c4c9dd276ab3606e23594cb05d25b655e69c903f24a4e9bfbcd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
e996671e3cba29e460464d545f4ffcef

SHA1
66dba3c615cdb9342e8320ffd4401013c380a8f2

SHA256
5f716a9535b084316223a64581a9e052f7fc093d4c720ff7afd70b4f52b0c683

SHA512
29f126d59279dba858a2c9cc7733cea27e5446a8ecbb617eafdbe42e53df9e3a0f79e0f86764175e25a4147383fe139e225f6dd91c1051f982f5e011b5d64467

Download Submit