31fd1454c9dcfa04ed0b2b48b99fa17c46af72cdd14f2e2de8629064ae0aac69

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 19:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36e0e2abcbc9d58f75be09be8e602910N.exe
Size

108KB
MD5

36e0e2abcbc9d58f75be09be8e602910
SHA1

9bdb16d1182fdbd2e9ba6b1e1aed2ba72a8ef93a
SHA256

31fd1454c9dcfa04ed0b2b48b99fa17c46af72cdd14f2e2de8629064ae0aac69
SHA512

b51c67d6988a15337ff5a5d462276e61ac74f80a31c7155226dab6cbebe678b9b08fd99f355caf228c0d79d3709cd0d7d209833a123b410780d7a4086209507e
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBR:PqFF2Ie+efsim2QF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2887) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	36e0e2abcbc9d58f75be09be8e602910N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	36e0e2abcbc9d58f75be09be8e602910N.exe

C:\Users\Admin\AppData\Local\Temp\36e0e2abcbc9d58f75be09be8e602910N.exe
"C:\Users\Admin\AppData\Local\Temp\36e0e2abcbc9d58f75be09be8e602910N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
108KB

MD5
d5333768793aa4660f831a654e1d5a73

SHA1
8981dcaf76e16c1d660ca06e8cc4f847775aa1be

SHA256
8194d3877cdef1c200450e14ff954d68809797a859205e6f5ac5d74e6f19a682

SHA512
4fad5753096ddfda1ab02a89a488bfb379c1f33f302e03493a4086d707d0a9d46d0c64135b7e0a1aee7e4067aa543a05fd9e42b949696ed28d364958df297fa6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
4dd972d9a6b370d595e752d46d20b0ae

SHA1
5c1e3c91a5e4da3ece0274fd2c87a69367e43530

SHA256
9da78bc8a82e49fb0a650b85f5d9054cd6e957cd7626af5d95349f1a7c6c58dc

SHA512
348b3c0eedc730b4f713511a44b67f9afa078f14280a8f7484678585933f2e2d1642dd44382d5722260413e2bfa93ac4eb77b4684a13fb3ac20da70dea7dbaaa

Download Submit