926e5a0c629899225113fe3f481743fd3abf224184b83e9f7fedcc3014013485

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
28-08-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4c0b74aa5ab654b3472615de5df1d10N.exe
Size

46KB
MD5

f4c0b74aa5ab654b3472615de5df1d10
SHA1

b43ac39c816b2ca56608824daadb6a212ac5b2f0
SHA256

926e5a0c629899225113fe3f481743fd3abf224184b83e9f7fedcc3014013485
SHA512

98bf5affacae8a2b8d8a4eec679d54baa35f73105cf23541aec7c9287cd3f41d3490ea30a0a9da575fc2083c08c4628303b34dd019f169ffe8d1f2f80454067e
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1FfcfX:W7ZppApBULcfpHLcfpSo3fXfcfX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3272) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	f4c0b74aa5ab654b3472615de5df1d10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4c0b74aa5ab654b3472615de5df1d10N.exe

C:\Users\Admin\AppData\Local\Temp\f4c0b74aa5ab654b3472615de5df1d10N.exe
"C:\Users\Admin\AppData\Local\Temp\f4c0b74aa5ab654b3472615de5df1d10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
47KB

MD5
eda5bb935b94697356e8dbf912dfb2fe

SHA1
e40d72c3b641f4234fc00889278ea7223800c1e1

SHA256
e73d231dad64e7373313679fa0b728bf05781917e9f4470a8e9579267092163c

SHA512
114b8436f36019305d0d1f3b302bee75532a0bed08ad59428a48fdce4171f8c4084fb132db8122603bac0a615b7e1d0e18bf74aac25184c4462e0d6c858fb131

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
5468e5fc6d53adc1bf35d47fceb5581a

SHA1
c2f9172c64c13cf355374fe476ac9402503125b5

SHA256
9382e864932f44d8f80ff8e9a94b0951a635a6f1aeea1c947d7b5febfdee1076

SHA512
cfbe51b64a7ba5590d4ea89fede3e5adee85881cbb5abe020d053654d9edf92b8b0753154aaef6aa1c92c74a4cb4fa8330d1b20bea61a887bf20d0182e2391c6

Download Submit