22aaa433e29017b18ee4c6beff7a0dd7072c668ef062fd7c7a06bd1ff39c40df

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15e02d98df58fe2f4ba00ee0978536f0N.exe
Size

53KB
MD5

15e02d98df58fe2f4ba00ee0978536f0
SHA1

d6e10c1008d900896b4bd0670fc5ceaa9b963f4b
SHA256

22aaa433e29017b18ee4c6beff7a0dd7072c668ef062fd7c7a06bd1ff39c40df
SHA512

de974e2ce2aaac6b68ed3fcfdfddb35cd6026ed6db9a47478ef06bf07ed16e54dc7916df2e46f400b1c86eaaa70816bee9adb2d21a05f94ae75646423f402aba
SSDEEP

768:/7BlpQpARFbhfyiyooa0OMiJfoa0OMiJ2kAHAZIFRD+Vy2L1IFRD+Vy2L2QW8C:/7ZQpApHz8kAHAaRfRPQS

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3267) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	15e02d98df58fe2f4ba00ee0978536f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15e02d98df58fe2f4ba00ee0978536f0N.exe

C:\Users\Admin\AppData\Local\Temp\15e02d98df58fe2f4ba00ee0978536f0N.exe
"C:\Users\Admin\AppData\Local\Temp\15e02d98df58fe2f4ba00ee0978536f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
54KB

MD5
e74912edc7517fee3179f4014f715727

SHA1
754e916e87442846de81be54cea162c17d0aff37

SHA256
f6b767e353aebcd6f1ce32220393e0b7ea681696a3f09f50e6507e752dcc8dc7

SHA512
7bc9e5d673a97b5149675db2d8625484fbce602df163c37ccd9a9d29edebf3f87ab45e562d92fc330b8ecea97200394be38feffabd0831838440c15f0d31c36f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
d73c8678ca0d3288b557818e538c46fd

SHA1
cb904fd11ead1a34428a23658a4077bc7e90f1fa

SHA256
498eba4234913cb307fdf3b444be4ddc9f9b6f02f7e54eadc4005c59a9221a3f

SHA512
9d42a9a667434cc7d60d2444b311ac62159238ef5df82168ff797cd268acba5711d56020a89eefa28cbf781e98415ff26e2a9350e1a0d6a7e66d53ec38c3164a

Download Submit
memory/1812-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1812-72-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download