19aea6fd93d734a00bb1eef06e4ac6c216dc4007c19879088409cc8292248325

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25b2baa66dfac134ab891832970e6fd0N.exe
Size

89KB
MD5

25b2baa66dfac134ab891832970e6fd0
SHA1

ee3871186080d5c7214b8b2460828f1a62772c4c
SHA256

19aea6fd93d734a00bb1eef06e4ac6c216dc4007c19879088409cc8292248325
SHA512

28e68cf15e70bd2258271ccb47fad423b0636d0ff13019d6cf1cd3c5120e5c8f2c62f5468c9fae9125be40a2d665751886f26b9e20459cb5b50a338bbc44ad9f
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNYy0Wjy0WzYwfn:6e7WpMaxeb0CYJ97lEYNLGj

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3072) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	25b2baa66dfac134ab891832970e6fd0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	25b2baa66dfac134ab891832970e6fd0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	25b2baa66dfac134ab891832970e6fd0N.exe

C:\Users\Admin\AppData\Local\Temp\25b2baa66dfac134ab891832970e6fd0N.exe
"C:\Users\Admin\AppData\Local\Temp\25b2baa66dfac134ab891832970e6fd0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
89KB

MD5
a2636d41e44834bc71d665e3486483ac

SHA1
ddf709e306139e1a12c6a5a1be0d41d4b51cc9c5

SHA256
dd0971af5cd1b30f04e775e3d2b4c33fd5d53e4bfae5513c536238585ee50d91

SHA512
b1dda37d1ca3079e4b1c1e893025f35ed3a71f9d9d0a356de553fba74421ea6d620ee656f945178dabdd94440416050137e17eef44f3cdde19833101a73b9e3d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
a0066f15b37d7d49f01b7f8993e15803

SHA1
f947dd64a22df66aa06a4360df3ebda4169d781d

SHA256
5582e3044b36b430a54584eae111eb2095ed595e428a3da8f7d9e4b2a55fea2e

SHA512
3fe691e2c1f7c9411e2dd233dc1ceadbdb6b9877e2eb4f390cf58bddf8a9b8e8527fa47b34a9cd70097da6f6a5e6db2b31c3e8f8547162250ed84ece62546017

Download Submit