3723657cbd7042dfdf4d10321141082ceb75b9fc45d9e4950daa1dd76b45e754

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f19f57d4776141262e4d1eedbef0dc60N.exe
Size

53KB
MD5

f19f57d4776141262e4d1eedbef0dc60
SHA1

e928e5c1ef05ad3c657db2fd26a0fc85fa182dbd
SHA256

3723657cbd7042dfdf4d10321141082ceb75b9fc45d9e4950daa1dd76b45e754
SHA512

e87a5ba971ce12f02daa296d550fb6551d568fd6186e674c4bc2bb06dfe3d3504954a786359e694fd14297a8de898bee501ced94c1f758433b322a3c87de760e
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoAQeLeAeLeJ0Pnv:6pWpBwchcwDqnv

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3277) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\StepUse.crw.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	f19f57d4776141262e4d1eedbef0dc60N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f19f57d4776141262e4d1eedbef0dc60N.exe

C:\Users\Admin\AppData\Local\Temp\f19f57d4776141262e4d1eedbef0dc60N.exe
"C:\Users\Admin\AppData\Local\Temp\f19f57d4776141262e4d1eedbef0dc60N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
53KB

MD5
cadd5ee877b2ff4ade197e0be1d43dbb

SHA1
01cd8d6dea32edba4e56df1c6e1d5830315148e6

SHA256
90fdec5b97671414e91dde828ade0625f7616e720f508322638766339062656d

SHA512
ecc78c0de0213e89514d14335593bbabab8016e232cd205573a47680c07db2df142c07c09c3b7ef493cc2de9bf0228675f5c54d34fe73949e4ba60f5e2a7da57

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
34b06dbaf57aebaaec6b7a24d5be113c

SHA1
2987aeb1215524024f0ea54291cdf6518da36cdb

SHA256
31ba01d35a63b01945593732451ac5548cb601763ab27df7abe35f91917b8c1e

SHA512
a1d0197fe45e7fad308da65e21c221038e6e0122587a193a1dd10c6207bbdb032755a4bcee30c91e558bc858bb40af27db18a4d1b03c180bfaec813e6aef5bff

Download Submit