d6da777d4c9cb818463aa84d656a1a7c5bd0259128df101b8ead739e4033dc40

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e9c45fd18fbdf713f56cedf76d0a140N.exe
Size

54KB
MD5

7e9c45fd18fbdf713f56cedf76d0a140
SHA1

d3b5d25502a11a5e3b274a3bf7183da830c12720
SHA256

d6da777d4c9cb818463aa84d656a1a7c5bd0259128df101b8ead739e4033dc40
SHA512

4a17798c75868d8056031b6f3b2249966940e71e0bd90d62603427d0082f0fee7cca57bfae4b6c9bd43a3e1d11cf29f7bfd2fd09a8b28009563302a8511766e9
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJbjyjuhPitvt+:W7ZppApwEgyaPitvt+

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3317) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	7e9c45fd18fbdf713f56cedf76d0a140N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e9c45fd18fbdf713f56cedf76d0a140N.exe

C:\Users\Admin\AppData\Local\Temp\7e9c45fd18fbdf713f56cedf76d0a140N.exe
"C:\Users\Admin\AppData\Local\Temp\7e9c45fd18fbdf713f56cedf76d0a140N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
54KB

MD5
4c100851d23864e0ec21c45dae869943

SHA1
96251bc3a22ac1b881e57b5d2d55a1b71cff0266

SHA256
c4fda9df9c5e9a77a4244f5567f7a6571d10517b0707fd879af3b9b45d57395c

SHA512
2fb4ed18b1b39ef2dfa33493e9689fee6275485e5b1ee30042b4e1c0ae49cf23dbffc4dbd0a6321e05277ab7b49bb1e39d85c284154bb422867d75dbc91424ea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
cae8539e1e18230900dcdfdbae6518f2

SHA1
cd541a0dcb528537537367ba7632f510a8cdc58a

SHA256
46d07a45983f9c99ff8d3430685b603f8d9ebfe11a9f95475fa9ca13aa310dc7

SHA512
54acbd6e958d82ddd7be1e3206936f4aaf7a05875053fc0ab783de1f7c3ce74484cd8e8ff31b815813e56983eab5d4358ec0d0069d8e2b5e5b69252372e050b1

Download Submit