cdc100a325396394970ced6428ad3cc3a7aecda4ff5ea41b7f80a311fd31a4d3

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 19:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b5739941d1f55dd1a2a3f7239005f20N.exe
Size

43KB
MD5

8b5739941d1f55dd1a2a3f7239005f20
SHA1

b315f3374f1958971fe1c1e32c1052a331c71c9a
SHA256

cdc100a325396394970ced6428ad3cc3a7aecda4ff5ea41b7f80a311fd31a4d3
SHA512

02edb50450f10c1e613eeb5fad1fb0d5f630e54eb74afb7253b393c04239b00ba14be94cd31b3161c6e285872ad5ede6f4bc88d1ce98d61248e06be77d7a2a6a
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/F1Ue80EoVvSWqvrB/EoVvSWqvrBU:/7BlpQpARFbhzUe80ESvSWk/ESvSWkU

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	8b5739941d1f55dd1a2a3f7239005f20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8b5739941d1f55dd1a2a3f7239005f20N.exe

C:\Users\Admin\AppData\Local\Temp\8b5739941d1f55dd1a2a3f7239005f20N.exe
"C:\Users\Admin\AppData\Local\Temp\8b5739941d1f55dd1a2a3f7239005f20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
43KB

MD5
d5d4bdafe2e32e44f735c9d405ce5c5b

SHA1
57cc1caf882b5c9fcd13430b615a760f26640af7

SHA256
1070aea7e88df329cba15a56d3d9d80ff929896aa2ce14fe2ce3bdd0ef16017a

SHA512
42780e62095f395fad4bdd0e34012c4b2375be7674b825b77d86187e1f280a4691a364db2d3f35eac35ffa1c9e56ed72dd65ba39e9ddac56c09431b7dfe352a5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
f32600238c54d9b181ad5c26d4e58936

SHA1
7d968b362b31ff5cbc5b3d538194ae9917622ec6

SHA256
79a713e5d72b7d767349ff90cf0842f93a46aa3f06d5bed1a5de4a998e08e490

SHA512
b8ed6133f332f92d5391b71e0736e13f67543ecfa75213a972b4f111bb6cc0a2bc0bfee3002d8c25a6ee66619f5a349d7892bbf2e456de5aecc986e60172d615

Download Submit
memory/1772-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1772-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download