015ebd6d72b6dc55318545f7a5d10cf2dd781ec148506e1d767ca620e7a5cf11

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

653ead6189268961b445c1f11ede1750N.exe
Size

40KB
MD5

653ead6189268961b445c1f11ede1750
SHA1

18466c0b75d9bb57465aff93081ed6ac7b193437
SHA256

015ebd6d72b6dc55318545f7a5d10cf2dd781ec148506e1d767ca620e7a5cf11
SHA512

0fe08c9330f0672fba3ea71350cbd94b3d2bf0a557b27f458919297bd3984b0ed73a774edc6a8e267a58501a7150b0f8d85f3df4adb60fc43226ddd36b34fbc4
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LObC8p8IzwzS:W7ZhA7pApM21LOA1LOTMu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3366) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\FormatWait.vdw.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp	653ead6189268961b445c1f11ede1750N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	653ead6189268961b445c1f11ede1750N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	653ead6189268961b445c1f11ede1750N.exe

C:\Users\Admin\AppData\Local\Temp\653ead6189268961b445c1f11ede1750N.exe
"C:\Users\Admin\AppData\Local\Temp\653ead6189268961b445c1f11ede1750N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
40KB

MD5
2d2eea4d2b5b1c9dc5894298086eca85

SHA1
d3248494e2a446947ba40416f30370df12306fd4

SHA256
28aace426576f8bf42a306551d75db3518ace729a1c7e747912cd4d85bb97782

SHA512
7bf28b4f29511670755f7003fc37dc41695deca9e671b6b5859202ba189bfbfcaa9ff61a71a84261b1fe2c1a84660adb3e75501ce764cb050c6b1906e3e1036b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
dd171a24dff6a34afc1b04b8822fa601

SHA1
278d8e042dd4a76a712148e1b7475017bf011279

SHA256
cb2ac106267d7dad0c4759b8c53553863aed9cd401301499f99fac24671b82e5

SHA512
1cd068bd2e7c04cc1b878235255da83bb3fac72686179279af15b87786f3b885ecdaea61472a2faad1546a88811d58dd33110003a1a95c12815b46944141c3be

Download Submit