1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
Size

58KB
MD5

000fc5c08cac72370c62248e6518c5d9
SHA1

5430486bb851f32616cbef551aa9d04cf6c2ca9a
SHA256

1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1
SHA512

c677a332e85c8d3a876ab65db14dd275ca0779fdf43aaff9a1cfb7c352948cac33f88af9ac38a6e54e6a8b864579bc9a77611e0a12259b7363101a1596c2416c
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoA4WZwXwqmdGwmdG4:6pWpBwchcwDHwXwI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3562) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\ApproveUse.MTS.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\RemoveResume.htm.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\localizedStrings.js.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe

C:\Users\Admin\AppData\Local\Temp\1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe
"C:\Users\Admin\AppData\Local\Temp\1df257410ba12be3e37d3156eeaaf27d68aa8f2db7c0f9bcee4454fe9fcb1ec1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
58KB

MD5
0f231b90a73388d760ffefa156b40bc9

SHA1
0926c0a90c50dd427c58bebe9562e38248388f1f

SHA256
e08dfffebed0b455b8eb32564647e0f1ea71cfe173c6a5a21ea37191e1de28bc

SHA512
3dfb8f1b54602e9596827f793f3a6ef82e7df729c580431e006585add53b94cd99349bdf320478d4687b9722d1ce6d7878d2bd4294fc43a9a8634aec376edfe1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
b882aa429db0893f4e4a216ca1cb1e0a

SHA1
15154e41be695683a0e4bdb8e5ad746bf8b72d4a

SHA256
2dfc2afba5b01a451ab9aaf2db3a1e5dfbaa4f74721642ddc1fe71aa488bd110

SHA512
9a2c8611e503880653d79c8523d02c7722a52a398ccd38a0b7bc37efb87fad07011bc9444fbae7c71e8656c7a376edbd8289541f4a84860d6e3f0c8af75dceec

Download Submit