90c5919dbbb5935ac227321e69bba3e324871f0d52d5fa07bc2d282e26303d77

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 14:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13b859e4cc90aaa93f9eb72260200570N.exe
Size

71KB
MD5

13b859e4cc90aaa93f9eb72260200570
SHA1

fed3c728adb8fa5301834396bb15cf1ba156dcff
SHA256

90c5919dbbb5935ac227321e69bba3e324871f0d52d5fa07bc2d282e26303d77
SHA512

28f67a01024d59130f0309722fd69277c043e17574a0c54116e7e3c44bb670d93d694a708d5118d299be082be57202a59d4a3f05e5d84ae8b1d2e39df806ce43
SSDEEP

768:W7BlprpARFbhJ68nNIreUYEreUYX1n6mQmB/0BCTBC+hLMhLE:W7ZrpApJ68nNIreUvreUun65nMTMikE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3068) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\SplitNew.mp3.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	13b859e4cc90aaa93f9eb72260200570N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	13b859e4cc90aaa93f9eb72260200570N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13b859e4cc90aaa93f9eb72260200570N.exe

C:\Users\Admin\AppData\Local\Temp\13b859e4cc90aaa93f9eb72260200570N.exe
"C:\Users\Admin\AppData\Local\Temp\13b859e4cc90aaa93f9eb72260200570N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
71KB

MD5
60482efcffb0ddf9acab18f3c0684966

SHA1
388896798cd9b5a5371c20b84f44e740007c0b76

SHA256
6feeda9070e87ad7fcacd7c0b758097ac5522d6b23d08ed44903357a04f03e1e

SHA512
07fc7ed27b659cd997d2d7be8b15881b4bdf14b7a2d3ac68e6e041f5225f20818ae534027a3adb62aef1462509bf00a5dc630cb784eb16c44836948d07587c7f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
b76bdeb4f8ada613063c9339f3eb0631

SHA1
500cdb11c4057c4fd911efb816806bd756cd6892

SHA256
5263520d42b342ae1484853b13b4c159eafc071f1276e7cbeb1c7a98fcc4f5e7

SHA512
710df7aeaf5776342f9d7ea33c8310282614ac6023416350c9c42305956bdafea320545d465ad4a2c818e6455622c829d1f7a7a4dcb2dd051bb373c50b3df732

Download Submit