3db96f7bfb8e5e8ba7d02fd07d461ff97c6a6a39184c1e0724eacac761a5b214

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-08-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d966f14129e0fbc1c8dfa3a0e038af20N.exe
Size

45KB
MD5

d966f14129e0fbc1c8dfa3a0e038af20
SHA1

e62a8626b343a32847ddb540bf207479de3e5ebe
SHA256

3db96f7bfb8e5e8ba7d02fd07d461ff97c6a6a39184c1e0724eacac761a5b214
SHA512

1dbb25b916dd98ba08dc1b1db5e7a01b3998a9d6a35390247681966a6150d91016452350966b9f5a788927cc51b3b009fbe1ca39acede7483550717f70ad7bb3
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7cYTfZfr:W7ZhA7pApw03vR03v4Yl

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3256) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp	d966f14129e0fbc1c8dfa3a0e038af20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d966f14129e0fbc1c8dfa3a0e038af20N.exe

C:\Users\Admin\AppData\Local\Temp\d966f14129e0fbc1c8dfa3a0e038af20N.exe
"C:\Users\Admin\AppData\Local\Temp\d966f14129e0fbc1c8dfa3a0e038af20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
46KB

MD5
7169e101d49c691b9f92a52393be2168

SHA1
c1bf622df0a247d92f0e96ff90bd200fe8dbdf15

SHA256
f66b5be2429f22263725ec8606620e70a057d57b6cf382773c2b0781eb823333

SHA512
4494637452302afc1ada3a64ff0bd17f6a9187a36127c6de64880978084ac69a814a400dc692a24732c28f68b49fb3c994c939dac1925e6f822d21e37d8ba603

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
b23feea336935b3d431c749bee951393

SHA1
c117e925d5799964a54dee88bb05fa0c3c07d797

SHA256
3170ca5e7b3d71c8e5a03be40101a6ee894037763e1ccdde0e02dc2e7b15f524

SHA512
cd7ff5bd4e052cbd1e0e736b569881beaada031154ec27f7455d385e56058e89dd9b277ba741191fc200b93538f8ca37eaafeafeaf58d8c224e4125e46ec9da0

Download Submit