Analysis
-
max time kernel
120s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
20/08/2024, 22:22
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7bd0fe315177723393b23657a169ada0N.exe
Resource
win7-20240708-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
7bd0fe315177723393b23657a169ada0N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
7bd0fe315177723393b23657a169ada0N.exe
-
Size
42KB
-
MD5
7bd0fe315177723393b23657a169ada0
-
SHA1
fb08dd234889378f8595484f99703eb9a889dc6d
-
SHA256
b570edf49095809b63f0d23280184ae290cfd05841792136d173f9cf55901547
-
SHA512
89c0b5167114055d3918a242e29c8912e23e9fa114dcff71ebc578667abdcbe12e8035ce0a69b1df2287de36d4710434aa429e1071b492c791f88e55a94afdef
-
SSDEEP
384:GBt7Br5xjL7lAgA71Fbhvt3hrjrnKvi1xDjrnKvi1xo:W7Blp9pARFbhnui1xDui1xo
Score
9/10
Malware Config
Signatures
-
Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\README.html.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jre7\bin\awt.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Mozilla Firefox\platform.ini.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jre7\LICENSE.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Common Files\System\ado\msador15.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp 7bd0fe315177723393b23657a169ada0N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp 7bd0fe315177723393b23657a169ada0N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7bd0fe315177723393b23657a169ada0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD5c7d73b3eb0436ba76bd6b76d269c89bf
SHA1cb1829e43ae2df9b50d191d3518a66dadf3b762d
SHA256eadc54c9e673d54da8104ebd371e0a756cd6bd21279c73ba7388dcd0f439d91c
SHA51219cb172c07558e0cfc330686ad7737bec1a4095f65a5463d271936a9b915cb593dd17b275c6899ff60420067447c1944cdea07b3b3a19fe88823725a257ecf86
-
Filesize
51KB
MD53204fe08f428acf07ac6ea53c2ca2ffa
SHA10ff55db5e27c619995cb57e4f64fcebf87c30c6b
SHA256fa996c9ce8546cbfbf8e7738ab362df6a8b5809b14f27e9c9089492a7ae7a6dd
SHA51218a6cf21ed86c105c4ed8ba705c6ed57b0b8371205772dc481ee2215800da1c1c99087aee7633210fc0e22055c406c855fd7cc716b7ccba34affe7c54c9b2e3e