4a23a47a752a81cfee8d291b245a94a515df4189adb65af0ca435e2b1e7e4360

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 23:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0907e9e921d21614a267cfe250b0290N.exe
Size

51KB
MD5

f0907e9e921d21614a267cfe250b0290
SHA1

e98b831345911235a77221975353a71aee80e2bd
SHA256

4a23a47a752a81cfee8d291b245a94a515df4189adb65af0ca435e2b1e7e4360
SHA512

5081b5533aeed0d2efc878fd1890ad9aacdd8304bbff1277933d2c1a453d6de82293049dd7aefa356fbd3e424035ab085d69b51103764dc5bb7809e167be552a
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy/VeSv101k:W7ZppApyVyjVy/ESh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3280) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	f0907e9e921d21614a267cfe250b0290N.exe
File created	C:\Program Files\SetEnable.ps1.tmp	f0907e9e921d21614a267cfe250b0290N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f0907e9e921d21614a267cfe250b0290N.exe

C:\Users\Admin\AppData\Local\Temp\f0907e9e921d21614a267cfe250b0290N.exe
"C:\Users\Admin\AppData\Local\Temp\f0907e9e921d21614a267cfe250b0290N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
51KB

MD5
95706c2252b612568089c20871df894b

SHA1
3a97739ff17068ece3eb53723d07179d89d704a1

SHA256
0ff94d2e77c1f2e2d2bd34fe5845bea171ae064171190b9f9f9dcb638fdae9d3

SHA512
b85fb334618ff71b9d6c4cee81c0d83a17956b37b4b517c49faad5c838b620881afa30055842ffee51de420e471794ff333f85f9f94089c5a21ff33a4f2f13f8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
252f7f225e00c4853d1f6977b3f25ecd

SHA1
f2c69cdcfd007f99c1be03f121dea0cafef8fa8a

SHA256
ac24267b220e8c5213dcc5054cb932c4dcb23945fb9c8da55dccac41cab0bd86

SHA512
d1248695eb8454d531d649ff54a6c562067d3f23db6f3c1433db27cd017ac44bfaf58891be87e48fbdd21fd0dc0592b4ed7807b95acbdf477309df66402318cc

Download Submit