2d9fb6acd34abf6f76ff6e0fda020b36480cb89a5341e35b41d791177f522054

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90dc7c865a1b00f17d36e90bd75fd060N.exe
Size

46KB
MD5

90dc7c865a1b00f17d36e90bd75fd060
SHA1

c8cdc8faf057d77871abd3b18a93118591fb5dab
SHA256

2d9fb6acd34abf6f76ff6e0fda020b36480cb89a5341e35b41d791177f522054
SHA512

c879f74345ff1da5a1ce4d13b22f66ab39556ee46728b67b7fcf46c09d8f2363b5e688f211219babe08e433cb48201e738ab3f5974109bc9f071217b1e2e9451
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c53hm5WTWk:W7ZhA7pApM21LOA1LOrtkpt6u8Kk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3086) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\LockTrace.crw.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsFormsIntegration.resources.dll.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	90dc7c865a1b00f17d36e90bd75fd060N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	90dc7c865a1b00f17d36e90bd75fd060N.exe

C:\Users\Admin\AppData\Local\Temp\90dc7c865a1b00f17d36e90bd75fd060N.exe
"C:\Users\Admin\AppData\Local\Temp\90dc7c865a1b00f17d36e90bd75fd060N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
47KB

MD5
97d95f5269cf9045e82918bbb3675764

SHA1
46ea78dd3e3b799979e441bf187a73520339cec2

SHA256
db6356e6dcf36d3f4ea6a328e63278873ccac7ff8311778345da5d517f43eab9

SHA512
685ea540bd5deb4366c940f158dbd6142669db1940c785edf524255028544bc3755a909267646908fa4e9e72f9365ad7e20e300ae1efb33952aae35924198f4f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
d0a673c720f2ea43b21d5a48c48f2246

SHA1
beb2e77461970a4903751584aac545763eba916f

SHA256
8ee71a3d8ba5f0a06c43763befb5aa7b61c3265eb94a1fadd30143c5774f9bb8

SHA512
bd0e0b0694bad16af318520dd390529ca7dbb006f179e4beeecf418cef763b797930859ae885ca584b55d8bec1adc34bcec41c8cc9bede2f79af3312c68d33df

Download Submit