188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
Size

43KB
MD5

4adf60f07301aa8fc2f78349fc26a10c
SHA1

01bb60461df6b361700660863154a65f6d30c5db
SHA256

188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f
SHA512

ef32c7ce0990cb5fd95ba341aa616248acaf1414b9806d9543f1dd541780a84b1f3b080f4c6cbdeb82db929221824f175d597b984333b38b98e1dd22ac2309d8
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/FzzwzSMn76GRI0Mn76GRI8:/7BlpQpARFbhNISC76QC76A

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3932) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe

C:\Users\Admin\AppData\Local\Temp\188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe
"C:\Users\Admin\AppData\Local\Temp\188c92fad20e985cfaa121a17a2486ed278577f4dbd7bdd14db5e50b46a0bf1f.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
43KB

MD5
a5674c12ffa939ee0d4f886d501de456

SHA1
5c63f99103cba026f59068480ae2cc9277741f16

SHA256
7b535fcc65db2aae3ac7b4afff1f80e4a1a986084eb1f5c44caf5f141fb74550

SHA512
7589e3416d7506ab63a4abe52ba419fd2065e723fcba262707fef33625f3aa28c67df6cea58f83e70029689ddd0e52068a07e5e1cef44f7689d689f2d0a4064d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
cc7cfddf0bc164e3f25c79f7fdcdbae7

SHA1
612202ffa27778a7c1fc69ea52fdfd737a1632ac

SHA256
2a5fd6b363320fc2aa0a4f2eefee20e0bcb24a47fb6dc589c06be1416608e049

SHA512
0ce2165a5ffc165b7ba869cb073b5d586fe963f60a1881d33a6b69dcfbb19fdbf6560eee73dded714be36dac82dfa77dcc3ab33ff6b73380ab5d907b5310189c

Download Submit
memory/2256-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2256-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download