ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-08-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
Size

51KB
MD5

2bc90ee16f31be953f23b1ff26b8345b
SHA1

dfd3dcd1c7f9830b251819952bc5d581439a1acf
SHA256

ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c
SHA512

36fd4ebfdf0d9f7dfdb5e75d44e41f895c75b9115d901de2038b8f835b3b91ceb87ac75766440cd9d26680aa60d58a1d58c9e63f2c4e7431f802bc7363e702f0
SSDEEP

768:W7BlpppARFbhbt7Y7wTCg0hcM0hc0C76QC76BwB:W7ZppApN0hcM0hc026Q26BwB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3757) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\ConvertRestart.pcx.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\WebKit.dll.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe

C:\Users\Admin\AppData\Local\Temp\ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe
"C:\Users\Admin\AppData\Local\Temp\ce791d5a24f08ad32ebd8a315dfe7fe0672472a2233827c437874a21e0a7663c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
52KB

MD5
2237e84c876c156b7da05f810a606864

SHA1
75684b204f1906a267e5671317604505cb27337f

SHA256
47bd1afd7572fe983ca567b2dd2dbd2948f37df13a52cf633e2391ffc694a740

SHA512
7c4353c1afed753ba3388c83818d6f71c3bf7820802684a8c862caa3a65dff4bf8aa42570fb3009ce6dbb1149f9b320d6dab30a5a0f31f7afb378efc1954c2c5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
8d83f02f1a8ead4a2cb3eb75594685d0

SHA1
424f7bbe75ad37fdac52cb64e41fd88035d1e838

SHA256
f2222a025e3e9176a7265922965312f3ac159a74efcd0d76e449acc36d13fa94

SHA512
718d3a798af49ac102ac213ddc53f189cb837f8f846a57a1e536aa9d2a1ee415666d392a3e02a6d94481f8135fe86f88932f94923a3c50fb2010df0f4b58883d

Download Submit