96bec6005854a362e0d4abcd405b78d17459ce0416c2c7cc53e8ca8dd49ff0d6

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7ce38c1e99e0afa1b33e88597782b40N.exe
Size

80KB
MD5

c7ce38c1e99e0afa1b33e88597782b40
SHA1

f65f38021552814c7e56d1aa46509467399bfa33
SHA256

96bec6005854a362e0d4abcd405b78d17459ce0416c2c7cc53e8ca8dd49ff0d6
SHA512

cf0ecd35a3b5aa615654f70b1d5d8c2ea4c2363653d78fa1ec90de19ded381aeeda0720db9f1b087e65a0b6500d3cb87cbac92c3dda0b58478afb1cf5789827a
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJ5DdZ/D5zf6ydyf+abMkF24kzK3jbrCkoRWNkzZ/D0:9QWpze+eJfFpsJOfFpsJ5DdZ/D5zf6yu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3136) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	c7ce38c1e99e0afa1b33e88597782b40N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c7ce38c1e99e0afa1b33e88597782b40N.exe

C:\Users\Admin\AppData\Local\Temp\c7ce38c1e99e0afa1b33e88597782b40N.exe
"C:\Users\Admin\AppData\Local\Temp\c7ce38c1e99e0afa1b33e88597782b40N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
80KB

MD5
0d70b144df558ded7138407126430621

SHA1
541e5316ce9106e531671e69338da5569e42ccfe

SHA256
735a97402e00703af1844f3d6a9f94c5ef6222877c2f08c120e38c122c7ccf3b

SHA512
bff0b33e6a81041c863a66208bc5aa263819fe841b8857dae24506843f05c3040958be888b0d6a9d32e1988b975aacb43b4cee55d10443bdaa0a906d7b87f9b4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
c18a8407af514c213f28264324ad917c

SHA1
085865595d649d931f231a72b85fce3ea92a8d8e

SHA256
ea9459a519de9754eed330fa1fa69a296c0cc14c543fc109b2d630f46077f1b8

SHA512
378807ef0c0c794012368d5839348efe28bc15edcfc097df113b159f6d36b9abef74648b2db7a362be2f41b582ddb2a4d0af33fe8351247a50797ef830136539

Download Submit
memory/2688-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2688-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download