0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
Size

47KB
MD5

3dd58bc863d0b6db5dc1f0a93c3c5a4c
SHA1

1e8c7682a1e771fdf56f3d30ab3c9cb267663a01
SHA256

0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d
SHA512

b91b8653d20409edc708643f05355e2d8d7a28df7680d94009e02f3b78ed072573aee613d02c58a9b351f3e2d279676cdb115796d62d66a736b2913fca3be8d4
SSDEEP

768:W7BlpppARFbhbt7Y7wTCnB2ELEW0fZfZ/2:W7ZppApgz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3682) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\NBDoc.DLL.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\settings.css.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe

C:\Users\Admin\AppData\Local\Temp\0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe
"C:\Users\Admin\AppData\Local\Temp\0323301edef3500d60740e5f4527772a1eda1da93b92c7afb90f80e8dff17b9d.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
48KB

MD5
b0e290dbd4cee12d6db03a9519d1d14c

SHA1
6139de0d2239667bb193183909de9d2103f4f433

SHA256
6f61a88e776b9b62d9769ed7a2a2b036778a001ae543fae76163b520ba1c4b23

SHA512
a6d35d200cff2cc23a0ff7f1a97312c78dd5d29ba481dab24f9683649b8c935b6c24bdf3f44d62f211a8d02e61b10cff4411a09d4b601a3be16c764494b66be1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
2286b2969e1117ce14c867fa2f8d2afd

SHA1
e749786d502bd74096bce1050aa2d4df87b9fd0d

SHA256
9a9e476a6ce25158d25dfef5c4e0c7436395f0c3cc4d293154ade077ca495520

SHA512
f6d06d19281a81a5757552369e3d4d422970bc992fb8885db16bf62d5d823ca2e892bc6f6547f97f1c90d115f3a8372f4f530add925074d972365e5e5c3dcc39

Download Submit