8bf0bbe01320e4808af49c39fd41fb565967993afa9cbe69ef4cd614b89d7a16

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

701995e17067c70b6b59507784a5dcd0N.exe
Size

93KB
MD5

701995e17067c70b6b59507784a5dcd0
SHA1

53da0300dd2b38e0378eb6471c6111a5694acb0f
SHA256

8bf0bbe01320e4808af49c39fd41fb565967993afa9cbe69ef4cd614b89d7a16
SHA512

8cd40326bd156c322082c83ab5d4636f726d20989a22ef0a1087808c5056acc415ab5db62808c6845ad91ef0d3c66daefc7f8861e41765d93c3beaf0166a2d0f
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzY3:6e7WpMaxeb0CYJ97lEYNR73e+eGGQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3074) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	701995e17067c70b6b59507784a5dcd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	701995e17067c70b6b59507784a5dcd0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	701995e17067c70b6b59507784a5dcd0N.exe

C:\Users\Admin\AppData\Local\Temp\701995e17067c70b6b59507784a5dcd0N.exe
"C:\Users\Admin\AppData\Local\Temp\701995e17067c70b6b59507784a5dcd0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
93KB

MD5
0c79a630f3b50a6f90c3bac531a9d9e5

SHA1
8f4974c25c70b4b59a75e53d101ed2f9981e66cd

SHA256
2e0bcecc276e39ba5f4e1c522740442046b08d67a74f1fbba93f0826ef5f5d11

SHA512
12d8c54b1e6ea01341e80b0b2c25e229ad23eb31a5178b72b2ca4aa4287bc6c1c6c5bc009fb80e172964968d00971b2742ebd0a23b9750f811163e8d9c2459f6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
1b1cf6bbc621294877223374399bd04d

SHA1
2f47074c94fb80cea68e2183cc413a6fb45631f4

SHA256
1cec89c898174b4a22e2ea40ba7b2809b1993941f8d1f7aa4f6047184061af0c

SHA512
43f88238d5007de9b7574e382b1c15c0aff4815791cd3d4ce63cc4aac19ad9d0368899427fbed1737217fc4a6957998e23ce954a6eecc5b21d791f4166c6fb3b

Download Submit