3302305bd04b350f566965be8457a2c0c560be7c6e895065457c64bd69275932

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5652d7a999671abef85eb0a12578cc0N.exe
Size

41KB
MD5

c5652d7a999671abef85eb0a12578cc0
SHA1

2756f8663285dc4cdff6ea88f99e14f5e60388e9
SHA256

3302305bd04b350f566965be8457a2c0c560be7c6e895065457c64bd69275932
SHA512

c41ab828f617bf01780e0b0367a546b0334e94a6ae6d1575f3eaa15ab313b11fbd7838aa29c9126f1de7337f60ceeb163e308d38a37a1d112bf71d0e8527d5ab
SSDEEP

384:yBs7Br5xjL8AgA71FbhvsDYcUYcG0Wp/po:/7BlpQpARFbhsYcUYcgp/po

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3417) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	c5652d7a999671abef85eb0a12578cc0N.exe
File created	C:\Program Files\SplitExport.kix.tmp	c5652d7a999671abef85eb0a12578cc0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c5652d7a999671abef85eb0a12578cc0N.exe

C:\Users\Admin\AppData\Local\Temp\c5652d7a999671abef85eb0a12578cc0N.exe
"C:\Users\Admin\AppData\Local\Temp\c5652d7a999671abef85eb0a12578cc0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
42KB

MD5
37cad82b6230eb55c1ae81f9f5287731

SHA1
b13c78472c1849676fb34776f63c5862e5d11b92

SHA256
eb5f9ddb8d460f2d295dbffc30c9f3019938e97a0e08cd04eda75bd67b104b99

SHA512
fa1a129c61ecc9e49ad6c0d2a6ad7eee52d49b7c7b47fe1ff7d8ee2e83f266c2201082762062d3c9c66d6e61002ee3dee9c89a64669707a52216989203413622

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
eecbeef0f342016b2ca61a410c5ef763

SHA1
d4e672142090b7287d13925f1f13e692e6226377

SHA256
43b3dedeea11c068e1b4d135aff88c67706dac6eb1abfb3c8334237983e1c2b4

SHA512
780990b9cd063696a2dd20e9e7c42749dbe81b3f9fefd321b45810dc0fb99eea30b4cfc2698f2eedab22a4e53ed7748f3cb718722587ce41f4f750b9c145bfec

Download Submit
memory/1244-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1244-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download