26ebcc2cb01fd45ce79a345318cd80e3f3c814cd73b2f4d2d6f24f6346400c6a

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c622b2b6497153bc8017dc32f86b1b0N.exe
Size

54KB
MD5

4c622b2b6497153bc8017dc32f86b1b0
SHA1

573242498ce6f103bdfc248f796936f1b59a2dc1
SHA256

26ebcc2cb01fd45ce79a345318cd80e3f3c814cd73b2f4d2d6f24f6346400c6a
SHA512

eeb692e7eca85201c1068c351bc12368ba5425d6dc354fa6b6a85c7c3ebc6281525d60c5e0af87ccc38cad3bdd00352ef1ace89a593f821d63f2f17569774c11
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7lSKSW7afHFCSW7afHFl:W7ZhA7pApw03vR03vxSKSWu0SWun

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3247) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	4c622b2b6497153bc8017dc32f86b1b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c622b2b6497153bc8017dc32f86b1b0N.exe

C:\Users\Admin\AppData\Local\Temp\4c622b2b6497153bc8017dc32f86b1b0N.exe
"C:\Users\Admin\AppData\Local\Temp\4c622b2b6497153bc8017dc32f86b1b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
54KB

MD5
3c3f002c6ca9c9eab05193ce639f8cd7

SHA1
79a63e57d2542d33f95c1c2abec6a2f25c604d4c

SHA256
2be81a2028064d5bbf466a07cdb942d23ccb56a47f240e39dcb6fbe78bf2fd82

SHA512
c761c52bb063f4cb2ce464efe7350cbd2de1f6c847e5a4c3bf43c202274c0c5e29d196407aaffcd03aa7b4c8ceb1dd85a2928eda6a66d2472be3d9a70e93f387

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
732c6ac26872e1e67e6f858c5e4a21a8

SHA1
513c5893dfc706adfca410ef13f3ac5ede63a2db

SHA256
001f5316a5f2e3f83cbc8ef78495365d4628cd9805eb4244b386620920033412

SHA512
1229e3e20e939ec6c240107984a22b80809b9027ff5543d4cd54453391a836a25bdf059e7abac28054789658788bcb128db0cbcd57b81153820554e54b9c8023

Download Submit