946a938b9dc50b075ed176fed9e082ed008d87a603a9ea952bf4d9b97f55a0a9

Analysis

max time kernel
148s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

065c220e87cd4e7bd0f048bc035bffe0N.exe
Size

47KB
MD5

065c220e87cd4e7bd0f048bc035bffe0
SHA1

10cd933fa38ad4a0dd6e38f9efe269e8e266930e
SHA256

946a938b9dc50b075ed176fed9e082ed008d87a603a9ea952bf4d9b97f55a0a9
SHA512

92259b9bc73174c7a3d19f705b65581c9731d4aabdc9adc403b30db16f92a403becb8588db6f8a2b0914a0047805b4cfa03c71b82a6fc93a94c81aea00106e6c
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJsS1101P:W7ZppApkFSE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3511) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Defender\MpClient.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	065c220e87cd4e7bd0f048bc035bffe0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	065c220e87cd4e7bd0f048bc035bffe0N.exe

C:\Users\Admin\AppData\Local\Temp\065c220e87cd4e7bd0f048bc035bffe0N.exe
"C:\Users\Admin\AppData\Local\Temp\065c220e87cd4e7bd0f048bc035bffe0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
47KB

MD5
a3c1e41a3e3536e3963d52bbb2ce67f5

SHA1
7bdc4e97a5eeea614ed6f252cda153476888b3c1

SHA256
203e14383b270828ec31923e78992e757afe38a1135febaac3d767ce1f456fe2

SHA512
675eed5490418145f774c56e57732f5bbce5bde28602aafe42cf918dae85849f779f37810c1204b81b2ef97a6d0fdcb095541b13989e49e096f1b73d4d6e26d4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
283f62d5fc8a8e811c10ae5a4a2aa874

SHA1
9361eca85289c6b6cab9e1e8824887d0ae19bb2b

SHA256
dab00ff8de9455bb195c04c2c9bf6afeebbe909ad30f589bce08b39fb87cbf31

SHA512
62f6e4165c71b57478a5bbc05edb1cd74371891083b1db61ce862f31e7ee8a62c27605952f079cbdd35313c043aa246768d8e53a19ada0274288b64b1eefaea3

Download Submit