05a514971499c85d4d93912f13bf18a43e8e0572ef0a5ef20ddd5ec2bae77ebd

Analysis

max time kernel
116s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc2577219599c45c234fc0a35bd265e0N.exe
Size

47KB
MD5

dc2577219599c45c234fc0a35bd265e0
SHA1

edef92d666d2dacd39b488eb17b477538f395434
SHA256

05a514971499c85d4d93912f13bf18a43e8e0572ef0a5ef20ddd5ec2bae77ebd
SHA512

f7a9c518771ab5e46d144dbc030a25646c0f9efe7508ddef83fa6af5d8cd45268bbc230f3a530f2365b60da87d01616f9ad2b2e2809d12e848d6763a995d54e3
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFXpK5c5khwRDThwRDvou7Oi1J/x+Oi7:W7ZppApBULcfpHLcfpyDA6swXwxD2Dz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3118) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	dc2577219599c45c234fc0a35bd265e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	dc2577219599c45c234fc0a35bd265e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc2577219599c45c234fc0a35bd265e0N.exe

C:\Users\Admin\AppData\Local\Temp\dc2577219599c45c234fc0a35bd265e0N.exe
"C:\Users\Admin\AppData\Local\Temp\dc2577219599c45c234fc0a35bd265e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
48KB

MD5
8dcccd7fca2f5055dff8d6becc65aff2

SHA1
bb32094fa62615306e4196d205903d2eabd25472

SHA256
2ff67886b09bc5d2a95a3b8b417abf37ed16100bb554a0af842bd5acf435d4dd

SHA512
2803c30a0796f5f8508ae020db1e71bea6246cfe9f24fb8e167bb82c420420306a99d96980c0c8bff1048537265d573c8d8598c2dad1c2c6ba9466c100eca005

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
1f500e9db89f7b7b0dfe4ece8cb61e68

SHA1
0209696f84cb469c59c79a247257be532703724e

SHA256
001f40845d361ea25d23e9469379b2342131d1b73a12eafabc5b8fc73c938b89

SHA512
b466833f49bef5a9ad0cf55b577e5239ad9764a3a2d384813f4844906adc9a3de4bc6d7e719d0ff1d2e1cd4cbf0a54ffc9a9e061b7cb84940df016eec19f80ce

Download Submit