99bba6ca2ea8d6315bccb87d2703530e3ef94fb748c543db5bc5921c644e8580

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7709cd7b37e9912885cb59a6b481d50N.exe
Size

61KB
MD5

a7709cd7b37e9912885cb59a6b481d50
SHA1

f18b8d5f62bf12f4568fbb37a443e592d35bc1fd
SHA256

99bba6ca2ea8d6315bccb87d2703530e3ef94fb748c543db5bc5921c644e8580
SHA512

8a67aa552569d42748cb9c4a576aa9f7569c5a0c5671ba205abbe32d8c06598ebabfd2a282a70a3df005bb455ac80d96eb02e532698734eed0c9993c23e4d858
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/w:W7ZppApBULcfpHLcfpX2/Nw/NwmxL

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3276) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	a7709cd7b37e9912885cb59a6b481d50N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a7709cd7b37e9912885cb59a6b481d50N.exe

C:\Users\Admin\AppData\Local\Temp\a7709cd7b37e9912885cb59a6b481d50N.exe
"C:\Users\Admin\AppData\Local\Temp\a7709cd7b37e9912885cb59a6b481d50N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
61KB

MD5
399eb14ca623d4e7e8a564bbb1f26d74

SHA1
9efd0a9daa71daca5386b294333af87c8bedc786

SHA256
1c4d49ae9f7624fcdde499b73a26d652be38ee469c65f6e987807f506da29b43

SHA512
1b719c56982d5b9ac52759acb31d10946318b4999843d1e952dbca2228e4b61c3f01783c9d93cf9cb0b035ca7ee4e89db1cd2de8dbc435232d5d31c8a88439d3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
70KB

MD5
09f8cd5a47e89b01dfa625d43cbff33c

SHA1
3b37f35e09851d90f52abffea8ef79f4b658ccac

SHA256
0f701e62cfb5a05f6582f4478246631a9595438788ebc7ffd6583db5f0aee804

SHA512
c0d5436cc4960feb4415ddea83337b32c9a6f7468ebaed31f91e8a4ea4fd89be423caae8a200714dbb42c2fc2388dbaebcb56a15fc4e8d287b2cbd64f38369e7

Download Submit