fd97d5328e4c753eea54665777cc2e6143b2608f9a6ec8f9b8a2e4100c1593c5

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5becc4d57155a8ce50b7d43f1cc19300N.exe
Size

55KB
MD5

5becc4d57155a8ce50b7d43f1cc19300
SHA1

6450af02bdea070f7d301056a757c92e21e25e88
SHA256

fd97d5328e4c753eea54665777cc2e6143b2608f9a6ec8f9b8a2e4100c1593c5
SHA512

8e61d61c560593fdedcaebfbfdc1098c4c1a1d3296135a32f0f417e99a2ef2350bd8612745ac1021649a0879f5b4475361c5fec1a9cd6953e4c638c14f8b500f
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0IwDxtDxoASjSPC9bNZC9bN7:/7BlpQpARFbhNIiJwsJwwnZIfE+69e9Z

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3232) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	5becc4d57155a8ce50b7d43f1cc19300N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5becc4d57155a8ce50b7d43f1cc19300N.exe

C:\Users\Admin\AppData\Local\Temp\5becc4d57155a8ce50b7d43f1cc19300N.exe
"C:\Users\Admin\AppData\Local\Temp\5becc4d57155a8ce50b7d43f1cc19300N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
55KB

MD5
138e50cb91885fce80929d04c820b58b

SHA1
2b444f04ef8e9d63bf426fb8523c2e7ce486f44e

SHA256
dcd399449b7c93965476a86b82043093494c27834bbc0da09f6465a3c8d477e4

SHA512
00c75e51925adf0bf211a8b38751a891dbd0f5b450fba8ac75cce8262ec7f216f903e6ec971dcb77cfb7c3bee3e4fb674eebb7ceda4be01d5b5a2f839f5f3597

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
65fcbda999f868f511483e01c37ee63c

SHA1
11cf77eb420e9fde2e70ac983f0098252a0e1092

SHA256
38d9c5b01beed34e33f267a0d7e376303a433c9b623ca9899e0534d7ebb10cc1

SHA512
229dee596434c9c1e66d37d1f51731af70180c7566b4581361c8e746f393a260cd543f20acb16748d13f84e6e235c4c884da1ae185d2f81ae37eced408de6c8b

Download Submit
memory/2908-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2908-72-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download