1a47b1adc04ddbb9e5e2104298b8337b69d0f9ca15cf19de86899659076c416b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f94740dd5b82c2b85cf5bb36609c2e90N.exe
Size

85KB
MD5

f94740dd5b82c2b85cf5bb36609c2e90
SHA1

b7a9e2aa791027a1b6d93b46307062dd7a67a46f
SHA256

1a47b1adc04ddbb9e5e2104298b8337b69d0f9ca15cf19de86899659076c416b
SHA512

a8c2c5fbd525d33451c69049582d2a1dad8b76226858a4bcf4ca6d3cef809c326349f5fb17f63385a8bbd15c13e873b12796d79cfd22e5558da18fd55b491a9a
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh7:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs+

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3164) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	f94740dd5b82c2b85cf5bb36609c2e90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f94740dd5b82c2b85cf5bb36609c2e90N.exe

C:\Users\Admin\AppData\Local\Temp\f94740dd5b82c2b85cf5bb36609c2e90N.exe
"C:\Users\Admin\AppData\Local\Temp\f94740dd5b82c2b85cf5bb36609c2e90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
85KB

MD5
07bb8d3fa80b32f23cbf929ee6cb720f

SHA1
a0d5c2688e6c6a3c8306f57b094162b518b35d04

SHA256
a8a69fee09b6d4137750a3682b89a2efd7d076468b54c1ea0afbe8de43739121

SHA512
1812e89bd04476eab74a1efab0a6760c704a884d9edb06c43ab2653f66f051a84c47d811cbdb16759ec01f24bb008ff67d0417de5a214f9d25d6392347554595

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
daf5ef76b6316adc1e8b5aaf48c787e3

SHA1
325be643a3b0de8490ab6e68d336ecb4b6f07629

SHA256
6c9c8141eca2c7a566bf24bf3c2cd885f47c146e4b1bc28d38d1fce474043262

SHA512
fa27874c774a3836e75e2b0863b6b5f1bf95c8020c0732271048325aa859e9ec4ea9b3c97335e92366ac78e7e12772ac8a2a24c3b59554e5423a974add59ab19

Download Submit