21952fc82d1a06f6679f2ce67c0068147caad94d12eb1dad8a0a36ca91f98803

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5340e34f8b68dd797c33436a24c24e20N.exe
Size

45KB
MD5

5340e34f8b68dd797c33436a24c24e20
SHA1

17d75e27be84d48855beb43563a3e373516b44f8
SHA256

21952fc82d1a06f6679f2ce67c0068147caad94d12eb1dad8a0a36ca91f98803
SHA512

11f437db3794b0436cd30dbd3d2efb665bda9e30761f3f224a51782f969099317debccc7ed2d7ebb139f76faaf1f9649f403581d8ba891434f66cf4922744945
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLkEt:W7ZppApBULcfpHLcfpyDC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3379) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	5340e34f8b68dd797c33436a24c24e20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	5340e34f8b68dd797c33436a24c24e20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5340e34f8b68dd797c33436a24c24e20N.exe

C:\Users\Admin\AppData\Local\Temp\5340e34f8b68dd797c33436a24c24e20N.exe
"C:\Users\Admin\AppData\Local\Temp\5340e34f8b68dd797c33436a24c24e20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
45KB

MD5
701daea4d420dfe06b0b7fb315f40269

SHA1
3a52ff3aa3e9c3c3bd25b79c7c6016dca2bfe13f

SHA256
95b8af06ffe8b79d9a95e92ba1306012d07b8e3faf9480423da3eef8f1ee1f03

SHA512
a1df635fcf506ebe8eab9eef3d39da7aad8f22b1c947155a0d3a639611920555877a2f7a29dd88bd5d8e2eaebf5d2a89b4b0f784e6f190fcabae478bac2a71ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
63e64428757ef86119da7e9188641e64

SHA1
47d6a52c50ddd0bc47aa0dbac33d4794c616a6e4

SHA256
396813bc3eca4d3ca3ea6e97d3ab49baaac6ae14a610da5be3a7f3c24781b43a

SHA512
67040ca1ff52f5a7d3692bc4984cb11dbecd4e5acdffea0b91e726a7467a196b6527a2b463c2e7c2813873b2d6d3db10af2c296e01bd9ee56dd0234201a1845e

Download Submit