d9c73780428f91e2bb7cfc4543a5f47509cc0f6018fc8779ffa0713692f7f36b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f19c52b34c9ed4977c185adacdf109e0N.exe
Size

74KB
MD5

f19c52b34c9ed4977c185adacdf109e0
SHA1

6fe82e9a402f59ebaa8e92da58cf1d27df90d19a
SHA256

d9c73780428f91e2bb7cfc4543a5f47509cc0f6018fc8779ffa0713692f7f36b
SHA512

203fc4845c07add20e53ff0c0a49a249ca7350edeb85f37e2cfb6f37db394a760f4d8c4381872458ec7b93f73430b065a1c5df369754e4779958a8b6fdf6e093
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtb4HBZjlwGpCYnigugqOzM9bdifwMtxEwJjlVkUZ0N:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjl0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2887) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zG.exe.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	f19c52b34c9ed4977c185adacdf109e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f19c52b34c9ed4977c185adacdf109e0N.exe

C:\Users\Admin\AppData\Local\Temp\f19c52b34c9ed4977c185adacdf109e0N.exe
"C:\Users\Admin\AppData\Local\Temp\f19c52b34c9ed4977c185adacdf109e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
74KB

MD5
9f95b1e48a30234be829c95733bda640

SHA1
42d06d290b4b2a07f9c7f8d79ec600c20987c5e4

SHA256
d806825dabe4e422ee1a3dbd0e583de2f5f2ac76d033c57c4c70278b662b7fad

SHA512
75798928aec42f51378f3ceba95c3383b19cc8ea151dc38771798bd71168c752cf41f5bd285b74db90020841c574a09652fcdf36794254ad3da52bcd7854b054

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
d230af5c10ec8b97167fb97bab39a33c

SHA1
0e50c9ca04fa312cbe436a7a272e4ff32e936469

SHA256
249045c88bb524d33c43afa2f714686b787e6d2255aec9fb621657c90b2cc749

SHA512
b8056e3beed49b8eca7712d7c44f48b351f59c39725d0616ee23566cf47a947d0212189b1ae9afa503f287f5fde6937010c893bb50a0a2dedadf13bb0e42c294

Download Submit