2519c07529058d148aae53c7baea8980c1805f51cbc5c541f1c799fc9f0061c0

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d453e6b496a4b0423ca3dfe35f8db30N.exe
Size

82KB
MD5

0d453e6b496a4b0423ca3dfe35f8db30
SHA1

467efd3743fb01cb289051a7832561a4ab7d9f26
SHA256

2519c07529058d148aae53c7baea8980c1805f51cbc5c541f1c799fc9f0061c0
SHA512

0c697fd1e43d1d798e27f61f9b69b511307b71ff2e43756f5088dea2d99eabc0dc48ff8f263f6a173e7e29aa671de2120a7b51af4921b5be3322fa5c955ae63f
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxC2R2f:6DWpLf7fU2R2f

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2885) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	0d453e6b496a4b0423ca3dfe35f8db30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0d453e6b496a4b0423ca3dfe35f8db30N.exe

C:\Users\Admin\AppData\Local\Temp\0d453e6b496a4b0423ca3dfe35f8db30N.exe
"C:\Users\Admin\AppData\Local\Temp\0d453e6b496a4b0423ca3dfe35f8db30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
82KB

MD5
9f673ab701ff900871c5f700587760c5

SHA1
042ebe75b75308ae8a20939384751f2120875289

SHA256
df534fb03516499151e3be19ab3b07ad7812f4319543e6ee300701a7d0641a0b

SHA512
a550d549e14b41532196106aff432b1b64fecbf953b313355d2faf008e16c38264c032fa0724000ac2b3b5267873f09b09ca386d7bd268fa5f7abf33fca9e30a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
bb65cb749bffd4fc8952b3a8184aaa9e

SHA1
2be48817a0f2cec39c017c7a1c7ea72ab1cae49b

SHA256
9a7a65ce7d0d0109af74642b801d62c3e1114b71cf78c714159723cf01ad991d

SHA512
ae4ecd2c4c48b23e2a2149b4a6100c6a7971986aa17a012f81ad86930f4805a38b9e5cd43da2f92a8c8f123af358f0c0ae85c067399e2ea5a66c362756abed56

Download Submit