46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
Size

46KB
MD5

6349e065fd95101983512a5c6972aa95
SHA1

03dc75d759334802e02ce288e264218ecbd576b6
SHA256

46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e
SHA512

94e46569d2a3f11c0dacffca015915c25d49b972ac1868fb1c2964bcd086dcca1432aafe0a6d06fdcfe57dc2f0b75dc84dbf2f1f4208e13526387add3a0d4402
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFXpK5c5S2Y8/32Y8/e:W7ZppApBULcfpHLcfpyDA6Z

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\release.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\micaut.dll.mui.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe

C:\Users\Admin\AppData\Local\Temp\46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe
"C:\Users\Admin\AppData\Local\Temp\46983066f63b828f0703f5d94fe2b3ad8f6605e1a19202dc2b5f83ce7959cc2e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
47KB

MD5
7f6ae3cfa538a1ea9c08ee55c4eb048f

SHA1
c3e2bea767dfcf7775143af233f273613b209f12

SHA256
8fdf269d39f164214a911e6a5cfd245601dbd6e50522c7847a7d6bbf2fc0a547

SHA512
b130aac308a08a541bd7829a2d3d7fe72c094e200d99e40a4810e0974536f6bc7df16ecba619fa40147e70d5b962ad5bea8aff2dde0240600311c0b78b270596

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
37047186134b7049d2e0ff47ba88c7b8

SHA1
e5660675bcfd246a601e5197f3460f89e800ebf0

SHA256
f230321abaf8396e634717b46ce34e88d7fca39bcff6073faf0dfadea04faa93

SHA512
6d86f1924a30d3561d866d34e01ae9bec2c5e82e6f33f94e80133dfc4f3e35be25d437c06466c2a37f09be55ab11dc004299885cc2dc3341d02cbd77ed8819de

Download Submit