c7f8408282628b48353f9c5bc9ec4893d8b0add5fc68982c875e4ce3109d9e3a

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 07:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2523c78b0ae306ff9960a01e47386d60N.exe
Size

55KB
MD5

2523c78b0ae306ff9960a01e47386d60
SHA1

16acbab5d0631b3d756737839acb0029309b6260
SHA256

c7f8408282628b48353f9c5bc9ec4893d8b0add5fc68982c875e4ce3109d9e3a
SHA512

5faf8274bd4da137a29e5cae70ba1c89358fd143650fe60b7ef682d47112d047b042c1519336e218688415f2c1f56da02e43d5fecc592ef8482ad3344410a437
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvgqHqMjL4jLS/3MMf/3MMy0U0czyKbNzzyKbN4HQew:W7Blp2sspARFbh5YSfffynfWK9WKWQr

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\desktop.ini.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	2523c78b0ae306ff9960a01e47386d60N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	2523c78b0ae306ff9960a01e47386d60N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2523c78b0ae306ff9960a01e47386d60N.exe

C:\Users\Admin\AppData\Local\Temp\2523c78b0ae306ff9960a01e47386d60N.exe
"C:\Users\Admin\AppData\Local\Temp\2523c78b0ae306ff9960a01e47386d60N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
56KB

MD5
4c91761753ebc1123b780e35fc6d658e

SHA1
171a6209d5c0730f192ccc3540d2a9df78cc5464

SHA256
a685ee7eb64dc3f5990e8235b039b77690c537b2249621bd33e0b0117316b9ea

SHA512
e41ec2ce844b0e2a6903966678e34c05989c4b441d9188ea2fd963ec1fc5afd903b4446ff13f5732173aa6e4099b84212f8be76a1caaad93f6b0d44552b357e1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
5c7babc8ed4a21b7428d47d923214110

SHA1
58fd57ec1b8c796464a93b97817e511a487684f7

SHA256
8a1f3ec4f463ecb3e3b05c6c04a5e4ff1bbc59f6721102cff831f0445529529c

SHA512
cc5a63b918bb12e2ae9475f21972dcdc43ac4fd75b98a1f1f7a7275fe0535193aac1d3dc1aa8ff91b4594ed472af649ac4754c202fa3d20de10fe97d186be68e

Download Submit