f7c3a807d9f1f215d8c192636a523013c106b8ff676d9900feec9c52693c0f95

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2410bf35ee7086cf1bb0970ce580f340N.exe
Size

104KB
MD5

2410bf35ee7086cf1bb0970ce580f340
SHA1

e5fff1f4f08d6863999ae98d158e58ebb7ba4cad
SHA256

f7c3a807d9f1f215d8c192636a523013c106b8ff676d9900feec9c52693c0f95
SHA512

07c27d8941e190342419bdb0a04aae1064d3d4e89a64d2f9ea8bf30805bd8fa933dc7c21016e7b84ba3129fcea4b0fa01867f4dd92780901f2d616b141198b7b
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB2:PqFF2Ie+efsLy

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2848) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\CompleteShow.dib.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	2410bf35ee7086cf1bb0970ce580f340N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2410bf35ee7086cf1bb0970ce580f340N.exe

C:\Users\Admin\AppData\Local\Temp\2410bf35ee7086cf1bb0970ce580f340N.exe
"C:\Users\Admin\AppData\Local\Temp\2410bf35ee7086cf1bb0970ce580f340N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
105KB

MD5
f5555113b27778014626d3d1c5ca00b2

SHA1
5291d17fa154acdf9f763ab28e364d706383fc4d

SHA256
8e32ccfc025b6950a83541620adc6395a67d31deeab14ec537f038b9dc405ece

SHA512
7a4310201f607b1c62826806f18d2e8ccbf3fcc51079fd37add750e7ebc2afcf6377db30a276290f6e21e99375ae1be59051e820c143a92bbd0a15b6c4f613c1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
661abfe1bce14bafa932ac905c81567c

SHA1
454e7c3b275ca48044a38a3f884882ee8981ebf7

SHA256
ca2979a0a9f7ad6d84cf686105d315963ec31cd4eadf26d5d0f55c7e65040bed

SHA512
0e5337ff3953d9d6da3e61196146d23910fd03964a255b262e24621fa93055f36acae502754591d65eb9c60c986aa854fd8a3d696a56a20b842919f415687953

Download Submit