f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
Size

33KB
MD5

88ad89708cfa2afd1f9e8e5ab546bdf8
SHA1

f65c57d03e4938d21388e1fd94d7b20dcebbfc3c
SHA256

f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca
SHA512

53913fd6599d47596da4ec7203365246ca3fb621e1a62acb125a69da6655dca32a440ecb3c4e7aa5688a35fdfd0cb0e94195a76b31175df43cd17d93b6daef0b
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvYD/DCgAgUAJOiAJOQe+:W7Blp2sspARFbhlAJzAJ1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4068) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.msi.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\digest.s.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\SPRING.ELM.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\SoftBlue.jpg.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\ExpandOut.mht.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe

C:\Users\Admin\AppData\Local\Temp\f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe
"C:\Users\Admin\AppData\Local\Temp\f5258f64ad2832727e295525d14037b1eca5faff74ce056517c7d25a8b046aca.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
33KB

MD5
9ca60776cecb4cc50485efcc6a217829

SHA1
8c17d1d2ecd98262bdc7881f598951dfc732e9f3

SHA256
b053afb5412eb5988694be7136c6d863941a9dce5f78679e8196b415d7ceb80a

SHA512
21497c8ce390ec74be78da6ee362c5f9ea00818856be2a96749bbd4f9e8a0831964eee0ed993784feee4a5d885eea71ed714d8557ebb8298c6d42cc07948b495

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
42KB

MD5
f86c3a375f32c7f9a67de0a6816756c1

SHA1
7d8079240477603e5e4a3e47e315544571eb1862

SHA256
aec5314374325bb015803c2e1b8925bbc9846237a6af03a3c68b54846b302548

SHA512
abf9fa0bb5ed5b4d01c7e7e66b97d9eb372e4726ff0ca381f5767e45393b3f53d3424c4c6cf359aeeac848b0619d65f30d6a32d0ccfc4e375d18dec54bc25171

Download Submit