5f041ff71a2389c895ca807777434235b26eca85cb7fded8c52041858f001c27

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 20:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5365866ae3f896c1c832077780c6520N.exe
Size

76KB
MD5

d5365866ae3f896c1c832077780c6520
SHA1

dd96bbd397716940e3c9e37f03c003922b0316e6
SHA256

5f041ff71a2389c895ca807777434235b26eca85cb7fded8c52041858f001c27
SHA512

5dfbfeb787ea5edd9baa10a35f8fb5a9bed5bb054d9f1ee923c0f607f381ae684877a4f11f1bfa4cc2b9b97aee4657a45e3f291292c05047f65e1b899a83a02b
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8Ue+bCeI:Te76WQSotbCeI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3062) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	d5365866ae3f896c1c832077780c6520N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	d5365866ae3f896c1c832077780c6520N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d5365866ae3f896c1c832077780c6520N.exe

C:\Users\Admin\AppData\Local\Temp\d5365866ae3f896c1c832077780c6520N.exe
"C:\Users\Admin\AppData\Local\Temp\d5365866ae3f896c1c832077780c6520N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
77KB

MD5
ccd5ddbc727ee2619ba8805e7d5d9c33

SHA1
a836658da5af38843b5134549322b58ddcc3148f

SHA256
ad4376fa87fc44af28ed08447616d6031a9f0650e1157609c64395854085a6d2

SHA512
8acabb2cde4acbc9da7beb12ed6978be1b6ef85ff8b263c6783864484f1f8573d9aff20ddd0971a5095f6bdb93718bf3addc3847f01fbbf9746642613fbcbeb2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
4534551ab079b23683ae3af308faa1b5

SHA1
bc2d5b38c283280ce938209937133be4e4b76814

SHA256
3d61398ce63de9750146579cc400f3030090ba01999ccf638e71ee6e647fdda4

SHA512
358daea4a227c661097ce0d461f40ad29368dc25907e4841ab62023c16e54b640814c19cababa63827879e4645f95af0ed6de28a7d6225ccbd0f54ebf5e62300

Download Submit