5c652b86387a149c479e17b7515066635c0c1ddf8391fbd99f2a6da9e0fd0452

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

147285d88152fde15641a744a7968370N.exe
Size

293KB
MD5

147285d88152fde15641a744a7968370
SHA1

6c2138438f489e8d7c73a7790b7a798e3678d601
SHA256

5c652b86387a149c479e17b7515066635c0c1ddf8391fbd99f2a6da9e0fd0452
SHA512

229cb314f43039a6fccda36ac6a3e615e4265c9c364ef1639823f967ffbfd6449ba806ce31f8db8b15eed4daab8a57e3c7cb147eb3e8bf494e999194f1f98ddd
SSDEEP

6144:tBuG6Qi62OYTPC56kmF3DcmJ4NoCL+tPTLUcusTq0y14h6mqarbq2uq9nHVT4G04:HuG6OWD0arbq2uqf0Z+

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2240) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	147285d88152fde15641a744a7968370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	147285d88152fde15641a744a7968370N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	147285d88152fde15641a744a7968370N.exe

C:\Users\Admin\AppData\Local\Temp\147285d88152fde15641a744a7968370N.exe
"C:\Users\Admin\AppData\Local\Temp\147285d88152fde15641a744a7968370N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
293KB

MD5
d6196d8f9ebab4f399c2abe25138c82c

SHA1
a9ce1b9b78fe9a1ab4062c979ffc5a5dc7347b09

SHA256
bc93553b51495caf4436b7d40a0ad9619407575048985922c536858d5453ffd2

SHA512
494fe573a2a58c78b5ad9450496997763b8d482c5d95356c75e9eaeb06816894f693d90e4f51fd26d3edc8ebc12c8a81a8bc9645a3dd625af0dffa1f8407949a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
302KB

MD5
c7e3f2e9a271a51bbbaa9091aa85802c

SHA1
21c1c6c7a9187dfe91a00dbb7c172a94e33a1865

SHA256
714fac597c0eee6497bd151c60deeee89296c5f87a0dc961551d1d930f2e7107

SHA512
fc4eb2398738520c64bd7b57f54f839aad60cfab54839990a28d14948070b27ca9f790f9a9eda9b903f2622aa5850a639466fa4b38b71fa6b59cefd5a085dc79

Download Submit