5d768122e1c0de22083dfdab10e2b70a7b99419d650a5351d0825473b3b29ea2

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b764a3ba1eec1afad59caeb3a95a030N.exe
Size

43KB
MD5

1b764a3ba1eec1afad59caeb3a95a030
SHA1

95c9e1e82965acbb40ae2421ecbe5d927c7f71dd
SHA256

5d768122e1c0de22083dfdab10e2b70a7b99419d650a5351d0825473b3b29ea2
SHA512

c8bf2fae21f4358f17a7764bf2312a4585b7e76dc9eea4cbb38eac3c7756df0cfd2766c9ccb0f9b1c27fc44bec0ed1f3055f5ae59942d5fb98e4b7abde787cc9
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7cY1KnKk:W7ZhA7pApw03vR03v4YYKk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3253) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\HideUse.rle.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	1b764a3ba1eec1afad59caeb3a95a030N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1b764a3ba1eec1afad59caeb3a95a030N.exe

C:\Users\Admin\AppData\Local\Temp\1b764a3ba1eec1afad59caeb3a95a030N.exe
"C:\Users\Admin\AppData\Local\Temp\1b764a3ba1eec1afad59caeb3a95a030N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
44KB

MD5
1a67778a47882bebd38068517f04fd1a

SHA1
bd58742c4755163eda312a2ee6c8f9530f36b113

SHA256
d26d2a39b00a2cb0e73d442d95ab93cf5d2fb980a33153a7aac512cc5e942a76

SHA512
5ea94100345fd8c9a772c0aebcad3feb22f2b51540890f2fbf98dc5ed2ddbf5736923c8f8eb11b3f8582c1d2bcbd9d84c455d0803901b62781797f3a7f6fe43e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
965fda604306c55b0d88328d87621991

SHA1
66d3ba64ba45716de711e3e57375edba41f3866c

SHA256
112f657db59e91c3d3f3097f07421bb086642c3c9b02590a69570c4ba4ff943d

SHA512
8695f0c42f0dc833435a935c2a1f92a66daa1a3c9e15801d5c9437337797254c458667fcaf3febd9d0ba93784384e83ea8069bc4198d0f32f1954d36791b4ce5

Download Submit