45c37f5fe9eac412f3987be58a4551ccda1a49ac325921d1e5f4223d25e7da3f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7e3a5765322484e659810b0433967b0N.exe
Size

99KB
MD5

a7e3a5765322484e659810b0433967b0
SHA1

3ff39278340d021d142be74b5b85d14641db51c6
SHA256

45c37f5fe9eac412f3987be58a4551ccda1a49ac325921d1e5f4223d25e7da3f
SHA512

8592945fb9a44872f05afbb80a6f52d6da533fc6aab8f40237acba821137f6a50ae41837337bc88df7d6853a69814488ddcf43ca40c494d9b778267cf3d61dc2
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9ileqltetr:RqlIyFESWu0SWu86jYleqI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2900) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	a7e3a5765322484e659810b0433967b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	a7e3a5765322484e659810b0433967b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a7e3a5765322484e659810b0433967b0N.exe

C:\Users\Admin\AppData\Local\Temp\a7e3a5765322484e659810b0433967b0N.exe
"C:\Users\Admin\AppData\Local\Temp\a7e3a5765322484e659810b0433967b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
100KB

MD5
6ec5601c85a9425626013fb92557da2e

SHA1
9e2c7dce1a930f15b843f465de0443d70f884390

SHA256
a396263ad55a7147e8859b6c7e6ce441eb5836240ac7e8e07cb326cc73c7b440

SHA512
b4c316ae6ede3225988077c1313a7d5560400238ad89c7f9e4d7d2fc5eb42552212c05fb03eeaf86f72ae61dd3c6f3d11a6dde8cfa778e4e218944527ee3274f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
8b5d7e2d519da2bb4d33a9ec0690d897

SHA1
86ed66c3c7ef462f5e0281353d9861d53e95b01f

SHA256
3fbf5e4c7d066ca460637f5466a404acb1e2e3d27db40fb128ae5caaecc8c947

SHA512
383b234107786b48e3c2a85235a0ab8e75a26f19b422443382ab7c846a1b53ca15d0094ffe67b229b8dbc8c1610299aa2f2928b4bae4c3e8595c26a4bb18c287

Download Submit