60024c3be67250f6a9b02ff829f4972b96e959eabab7a425c9ff6d2c55818032

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 03:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

178034249480e03be8087360f647aeb0N.exe
Size

48KB
MD5

178034249480e03be8087360f647aeb0
SHA1

4cf7749802a27c677a391f677d76a634fd1d6314
SHA256

60024c3be67250f6a9b02ff829f4972b96e959eabab7a425c9ff6d2c55818032
SHA512

9970ba65bad9fe4d0ec55ef876d1dcff0fbaca5d14897850731dcff3d72cfb3d18bce1e7366e6390e356183d03942a404769014f04fac7f357a5b61811b9a9b7
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/FzzwzgTAUAcfqg7Lvxw:/7BlpQpARFbhNIgVe

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3359) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	178034249480e03be8087360f647aeb0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	178034249480e03be8087360f647aeb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	178034249480e03be8087360f647aeb0N.exe

C:\Users\Admin\AppData\Local\Temp\178034249480e03be8087360f647aeb0N.exe
"C:\Users\Admin\AppData\Local\Temp\178034249480e03be8087360f647aeb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
48KB

MD5
39bdcf905d62bb042c91e65eb4bb691a

SHA1
365d2071dae81d2fa656ac0feab7953c3cb207e6

SHA256
ac30f15c07c4b7451544bc6c668baa973c09f7de353aba0c832b78fbde5db34e

SHA512
4a459fa5382b70bd468863fd03cef75b3738d98238e6e768f14c1f27bd6b294f192fc8cbd32c1c4918c81e36a75e653a5496d6e78874cd46db8c7c4a2c7e5d96

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
a51109f912cfbfd7a1159f153530cd77

SHA1
ce2b7629cdeeaac4138573529d77b403bcd74f67

SHA256
0ca0d5e68c5c55cef56a875b3b7bf6f82a3ace964b9da23c630149b5ecc1216d

SHA512
867965485c4eb6ebe490bbee494e94d99f67cc1877793daf1b4d16deb352416107ae87066ba9208cb93dfb5235bda8f8dec53c26305b0f6f6d6b41e200da187c

Download Submit
memory/2504-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2504-72-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download