ebae11547da2a9d02c5928b96ef8d7cf73798620b97ee4d52d55fa8699cec55b

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57fc6b8c8d1d166ab155bbaacc2c9810N.exe
Size

96KB
MD5

57fc6b8c8d1d166ab155bbaacc2c9810
SHA1

1a87bd62af3ee083d234106eda097e61137e8c36
SHA256

ebae11547da2a9d02c5928b96ef8d7cf73798620b97ee4d52d55fa8699cec55b
SHA512

312b7124a7ec4f2357f23a2559ded033c52c80f5815d6a190e313bc44d876fd3e2972db8e82bd81fd2346461fda400bbe01dc8bd44c6d06233619f5475f22e74
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzYLpj:6e7WpMaxeb0CYJ97lEYNR73e+eGGe

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2964) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\release.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	57fc6b8c8d1d166ab155bbaacc2c9810N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	57fc6b8c8d1d166ab155bbaacc2c9810N.exe

C:\Users\Admin\AppData\Local\Temp\57fc6b8c8d1d166ab155bbaacc2c9810N.exe
"C:\Users\Admin\AppData\Local\Temp\57fc6b8c8d1d166ab155bbaacc2c9810N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
96KB

MD5
04b5c75f69d5235b5a4feae4ed7ed360

SHA1
25cf480811fe7b1d199073686491d315168c92b4

SHA256
3180c5827c96cf1b1f61c74d91e766bd40599f7b6cc64c6189790fdc7061cbf3

SHA512
a7dd5e83027a8933b6a9dc45ac5a7ef07686c965974e81996925b72db5134bb2ba2ca4c3d778a6738455bc80016d64f2e3a6adb0c3712a943395d2d30a4bbfe8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
46b19f6a8cdd6ee893462234a773dc83

SHA1
17aaa340758185ee04bcbfbe831e981f29e9342b

SHA256
603a888ef9dbb08a8aa7c7a6f99388da4308cbf0a810e1a588770828238c358e

SHA512
9a7757fbbce94059b996094e8975c3ca0a969e948d87102d42148b136dde71abf8fe324ac51b2139836a272284c86804cc8ce2ea81bd180c9742fca415344a07

Download Submit