be21382c1e1c693abd091accfa3d85905f5c565339fda770faa83a35f7d67c29

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31670441504513bf7e1d9ffe4bc38b20N.exe
Size

38KB
MD5

31670441504513bf7e1d9ffe4bc38b20
SHA1

bfd029dff124716dcffd2785805e2903fedca014
SHA256

be21382c1e1c693abd091accfa3d85905f5c565339fda770faa83a35f7d67c29
SHA512

597bca7a88e342519e10888fe95315df2fa418844805a4f941e7d4e19bef339c9546208abb8e776fcb1724c7f18e48a1073691ab82ffbfce01f5500dad96eba7
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lswQ:W7ZhA7pApM21LOA1LOl6F

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3342) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	31670441504513bf7e1d9ffe4bc38b20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31670441504513bf7e1d9ffe4bc38b20N.exe

C:\Users\Admin\AppData\Local\Temp\31670441504513bf7e1d9ffe4bc38b20N.exe
"C:\Users\Admin\AppData\Local\Temp\31670441504513bf7e1d9ffe4bc38b20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
38KB

MD5
828f62da393beeb4204f76e8c15b19d2

SHA1
7adaf9f3c0561cb8abc9304ed0bd74f8b1b31239

SHA256
bdb754d48b77402f72af1c554671fe99498e35e1f490deb29d1f1a8957642856

SHA512
4d09b610957e5f4769e0c9d1cbcea114565b26f8051887176d59ede25ca321aaf44841577aeffdd8b9627b529a23dc7af6955ca2dacd6b8c5caa98246d59ac70

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
bcf83fb41492e775ce8bdc1d68d49a08

SHA1
4fcfa468ed017cb655362e85b14bd6286589ab2f

SHA256
514395c580b81622e5a449e0d1719ad84a9f853baa62aea0e75803ccac64fc06

SHA512
0f3d96aad697762ec3949ce4d43467896ccae73764612358b6ce0b556141e5966af197e429f81fa192072f0d423689c2de661eacaeb6953c5cbb6a73241970c1

Download Submit