e0030726136d19a742ca0f126c8b82c0bb571875f81f09ac2fa574368abdecf4

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

296f6bcbc88e6981ce82e2882829b6c0N.exe
Size

77KB
MD5

296f6bcbc88e6981ce82e2882829b6c0
SHA1

b681240c89adb54ffa1d6a67faadb658b1c2dd66
SHA256

e0030726136d19a742ca0f126c8b82c0bb571875f81f09ac2fa574368abdecf4
SHA512

823b002526e527a1aa35e027aa9905f34914d453da1e20a39a23d64de4736b988755035d54d4f92f25b50b6fe8e99df72ff4de1969aff4e169909fa32ffbd5bb
SSDEEP

1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlEG:6e7WpRaSljeG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3091) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	296f6bcbc88e6981ce82e2882829b6c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	296f6bcbc88e6981ce82e2882829b6c0N.exe

C:\Users\Admin\AppData\Local\Temp\296f6bcbc88e6981ce82e2882829b6c0N.exe
"C:\Users\Admin\AppData\Local\Temp\296f6bcbc88e6981ce82e2882829b6c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
77KB

MD5
d556f88a734717b82ab34843804dae77

SHA1
b6397a346c5063761c21fb87c9eceded06b8dbfd

SHA256
0290e94f369027b46fd09925148775d02d0e8d63917dc53053b4cf17f776705d

SHA512
ec1b3da9aee888c81d34bc30a212a3f37402512f5cba4cba5fdf9ef0d6a08df60f46b9711b6f3a2f7d6cfb197d5031b4036fb419250ca4e29f1f5ca2f7f5a77c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
993d738780d4c42e6006733a32c1325e

SHA1
7121a808dca600bbff62231f16a55a4f51b85aa3

SHA256
2e589ba3aeb0f815ba138389b1394ec3659842f49725cf4990488f60b97ea5ca

SHA512
cb0b0a5290492be880d9fdfbd5206cf4bb802d6c16e99da523239a60ae0b919ffbf98e4ceb06273488fa2944305c928140e8a20d687671b0a60c785327288e1f

Download Submit