1aea7e13980730f57ae3ae556e69008f43683625aabe3625f6becf8aa5dc76c8

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97f56ac09f9b371e994ba93bb90bf020N.exe
Size

48KB
MD5

97f56ac09f9b371e994ba93bb90bf020
SHA1

6cc8b5bad89b0ea91a98a190c03db7e6242119cc
SHA256

1aea7e13980730f57ae3ae556e69008f43683625aabe3625f6becf8aa5dc76c8
SHA512

1e1e72057cc9fa21b99b8b996a334ee843f0cddaa148385cd241f9704930324cf8e5e31b021ff3c240b46f19052e4b03e9400bf82b597f5d0071edf753536545
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyhbabgNT:W7ZppApyVyjVyrNT

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3221) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	97f56ac09f9b371e994ba93bb90bf020N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97f56ac09f9b371e994ba93bb90bf020N.exe

C:\Users\Admin\AppData\Local\Temp\97f56ac09f9b371e994ba93bb90bf020N.exe
"C:\Users\Admin\AppData\Local\Temp\97f56ac09f9b371e994ba93bb90bf020N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
49KB

MD5
bf0a6732afccf00c0fe12d5f67fb86f1

SHA1
a7c2b5656db5acba483fafa0c181836ddcd5a2d0

SHA256
e3582d38f83baf3c4a178b81d6adf9a555bedfbe49bca79ca03e71f48e0fbb13

SHA512
a8ee660d3310ce44be00d25d62e619c7ace115aa8af07621ac713f10c8afdef123b229d988e20ffa32b2ef6abf78e120be6ee23009c5f68b0fcc8ea0bfa43bd5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
697ce057a22ec2f45fffcc813046cdc7

SHA1
c03d10e77b85a4e09c2deba91e6d5a922ec82e95

SHA256
e8651c2719f318bf0b2849eaa16045e6effe7cba441bf84cf43933163bd2f781

SHA512
67cb5e896473e4b6428edb6f1c7feb84b3dc4335fb5240e6ead6e55f0915d2381b7b3f81e8ac9a9b48de9f04e9d7e9f3d8da3ad0bed079ce5a7e24c56fb1a234

Download Submit