a6e9a8e9fc326464ab07d71270fcb8ac28d16f5a1f0f1f7c90846705ecc30442

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5fe67e8f103632a10f8a36c7d5bc030N.exe
Size

64KB
MD5

d5fe67e8f103632a10f8a36c7d5bc030
SHA1

870b2f02302f21ef63d2071419f2cbe0b8ab8fc0
SHA256

a6e9a8e9fc326464ab07d71270fcb8ac28d16f5a1f0f1f7c90846705ecc30442
SHA512

12db9c45bc6a9c3e67c09d3e1d1fbac5517bfa58044b29e2a54d264b91f50f1de2aae2a4e1b88e619f3e7ddd86cf2705463e116c37b84a5a3c2bca178866806e
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwOvEJcvEJZzozw:W7ZppApqvZvs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3112) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	d5fe67e8f103632a10f8a36c7d5bc030N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d5fe67e8f103632a10f8a36c7d5bc030N.exe

C:\Users\Admin\AppData\Local\Temp\d5fe67e8f103632a10f8a36c7d5bc030N.exe
"C:\Users\Admin\AppData\Local\Temp\d5fe67e8f103632a10f8a36c7d5bc030N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
65KB

MD5
0c64dbd780cc8b309665d0516cbff24c

SHA1
017760a79bf603dfaf5ac2f081b13d02f3ddbca8

SHA256
ce01148f29dda8dd6afc823205724ad5ed3d9b97f1284a39fa41d932e0a647d3

SHA512
c67926b27784452623cfac66957eeab8e484faf25ea6aa1bb5e690065fb8975c7f5abacae221771d60cfbe82bcddc5ba2ca9029013b55f0958c22b7aeb097a1a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
88ec8610ed624dc54e610148a377034d

SHA1
f23c5527b67bfd466276d81f390bcceebbb9c010

SHA256
d1b6d80b82799e9527d66b70e67e2735d9ea7e018c1a1cfb61c8f49c964f93a0

SHA512
3263df542c7a6215d6252748ed36999675b7c95dd74a1781881e524b3b6aaca11a70e9fb9ef13288b08c105a3ece6cdef0fc6e2bbe8286c02cd336db3349a99a

Download Submit