7e301c71f0f6f11c9565599bbcfb7df1ea092280a3a5637eb4eae18f65a8ddc6

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

065bee5daf9c192b0bf2a0d982fdb020N.exe
Size

76KB
MD5

065bee5daf9c192b0bf2a0d982fdb020
SHA1

89a49a6f3a55bcf295eb2491224a98db8e509ddd
SHA256

7e301c71f0f6f11c9565599bbcfb7df1ea092280a3a5637eb4eae18f65a8ddc6
SHA512

b1f8c4e265d812c0e9d1f76ca84b7f7b7583e9ff107b70128f77fc4d481e687a7f0d164784502a9c1c91ef625f3f337c98fee87d4ff601b35c82cca3c5b305b1
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvB:6NLWpCZIzjwHwT

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3457) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	065bee5daf9c192b0bf2a0d982fdb020N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	065bee5daf9c192b0bf2a0d982fdb020N.exe

C:\Users\Admin\AppData\Local\Temp\065bee5daf9c192b0bf2a0d982fdb020N.exe
"C:\Users\Admin\AppData\Local\Temp\065bee5daf9c192b0bf2a0d982fdb020N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
77KB

MD5
0d49a8ce883a441cce1b068a7ad5e18e

SHA1
27a942e3d29d574e83ead5fda559a5283b9c1065

SHA256
dfca1d3788d99df0eb27f4fc212ee8b29d321c5a7bc9f76e178b2669fda50cf6

SHA512
01490be40890ed6f25d558545f599756078f6e7936f15e0608798b737659e568d3c2f5a1d08349b9c2cf5faf9c597b05bf6968b53263b0891adc834638ef3fba

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
6b69e852df1937eb908f22598f5fabeb

SHA1
dd3f49e36c419baea057069d2fbed64c338aca44

SHA256
281a9ad7dfbb5d8bc7283678432f790b172fa3d5c6db2483170e004a6d5554c5

SHA512
e4c9438e26f6143293f088f4c0279a1fc137c62287776f341f65d611bbde3a665b265d3be8371ab6dfaa43a09ea9e7737f743a59d4c31681b51693b30e6d2a31

Download Submit