70efa1f32661f9a04a2c06d793b4160d7510a8c18cc3269c1073a02602d694e2

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5d9e3eb443905596f4c79073aaa7f00N.exe
Size

55KB
MD5

f5d9e3eb443905596f4c79073aaa7f00
SHA1

0d56821cbab447e6a364ca85f54b49b846969348
SHA256

70efa1f32661f9a04a2c06d793b4160d7510a8c18cc3269c1073a02602d694e2
SHA512

af403512e2edfd88aabd0541af66acbe19a37d74cb6ae97422d9003fd5c33b4c2d854e27f8b5dc2484c8dd119e71572cc1611b2b793836dbe6270c1b0a4a5a29
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7cY9xTMaa1xTMaah5eiW5eiM:W7ZhA7pApw03vR03v4Y9xha1xhahDWDM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3350) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\LimitMeasure.ppt.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	f5d9e3eb443905596f4c79073aaa7f00N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f5d9e3eb443905596f4c79073aaa7f00N.exe

C:\Users\Admin\AppData\Local\Temp\f5d9e3eb443905596f4c79073aaa7f00N.exe
"C:\Users\Admin\AppData\Local\Temp\f5d9e3eb443905596f4c79073aaa7f00N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
55KB

MD5
11156b246851251418d75522b2e112f4

SHA1
74254c3ee004208a6d5c1ffeb392d323ef334e7a

SHA256
a699158c1503420d6f4ab57c36a892bc04d6c275f19bcd7a2055758ed4fd4726

SHA512
d2b2dda5cd239266a827a17c7290b084c53494e4315fe7a7bf237bf96123f5248279339261bb0215e17cd130a6562ac037e48967e3a2b4831c917b4d36c6d8ef

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
56e7612d30b57994a8130bdd44f07f43

SHA1
013ba11452e558e217c02c156e50f320d3b1d161

SHA256
81e034634f57520d3c21facd85fba071ac30f0973fb651bd73e64f6db4a9380d

SHA512
b46e26af87ffae38101b43d7183ced2142b985ec34dd0cc86f2dfabb3ed07cdf1035e5b4a8b76ca1ed9745d6c0c60eb9a729dd3ecda51b1647f2d6deee4aa6b5

Download Submit