1243e808a3e36417bfed7cefa4e40e285bc3b6bad7452cfed76b4dfdf7e5ef74

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7732e42824233fe325d0e1bb2e13620N.exe
Size

46KB
MD5

f7732e42824233fe325d0e1bb2e13620
SHA1

46fdefd473991a6f066a098e4959cf0ddb934071
SHA256

1243e808a3e36417bfed7cefa4e40e285bc3b6bad7452cfed76b4dfdf7e5ef74
SHA512

a68779dd54157ffa1384fe6d9792d2611621c4d6473b122b86324d6d4917ac608b67c7e0d8b44ae99f5e85c1249c92ef147f56290013c549435ac94f2f3059fd
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyXLeCee:W7ZppApyVyjVyXn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3254) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	f7732e42824233fe325d0e1bb2e13620N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f7732e42824233fe325d0e1bb2e13620N.exe

C:\Users\Admin\AppData\Local\Temp\f7732e42824233fe325d0e1bb2e13620N.exe
"C:\Users\Admin\AppData\Local\Temp\f7732e42824233fe325d0e1bb2e13620N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
46KB

MD5
30d6e854c544def54908cb8ce0de7d0f

SHA1
afe4e622340f60fe631b19cfb9e63df01f135bc9

SHA256
5e70bba905e355102608cb23ed62c62de36edf1aefedd1d4f442578f2248ee53

SHA512
86030cdd7fbd257610e7f83a7a6e15dcd94e10fff38ae21c7bb86b47f743804cb344b35a89293422dde61d74645ee4814c0f327d15605a6d23e3651403a22411

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
a57362b6f99a31bd6bd5c1a064c0069b

SHA1
df47376d2e8b08d6381c88a190771e20d3425ed9

SHA256
1689cd2b74efa6c991c68d6a1aa80a1f5b80b2c2d6ab1f51ee5e1b1a1a08a389

SHA512
3be336c04e1cb95e54c6b78605d825c0f680707de65a20c6fa2c6401634f06b0085f14010abca9a9c0215f68cff904c901835a6efc6bbea376ab6490cf44b295

Download Submit