4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
Size

72KB
MD5

95e6b831d62952e010ed4bc93cf3e9ee
SHA1

f03aeb366a4446a123b504f5fa833f1986628987
SHA256

4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61
SHA512

391a3c986482fbd0a306b63783b4823f89b907efd2bd641b863c8b24037edf282136f5d10552f9c5a793f236682dbafda48a90c25184e7fd699844404d0279d2
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfpa4ma4LGXnlGXnlYzoPT:/7BlpQpARFbhiWbWYqYzo7

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3667) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\library.js.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\library.js.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe

C:\Users\Admin\AppData\Local\Temp\4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe
"C:\Users\Admin\AppData\Local\Temp\4ae1b05a51fe96faa63c9019dd2e00cf829cdefb5a148f6c1b5f3a145a7b9e61.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
72KB

MD5
2834b39c4621fca2c0c93b0049e585cc

SHA1
b59bae1ac45b4dcd3a910dc3a9ea1241a284f922

SHA256
1b82046d1a0aba496086e7f01ef1ff71a617e90f0b96ffa5b157002a2d12f0e0

SHA512
b355a8f3ecd73349bf30b3902e5750a63fb1747102c23d75f6e8dce7fd573386d2cbc5f15efc31da4dd84559682120132d87290e5f2907787267797ed495518a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
88713375e0a88091ec9602f13bf575a9

SHA1
f717207f1511b474aa356870c797814360bf6672

SHA256
9eb6b93a3375720624da0286242e071d9bd10570d70dda6cf3f4ba5357f16146

SHA512
f783d29d873ae0d0b67f03f76454b76afada1fd22170e1c40ca604b3e6ce1ec842c06561c852852fb9d415d4e09b3374adc4d6b13788cae98b63af8d4f96c789

Download Submit
memory/1672-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1672-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download