441f34d82b3ef1625f424bf035b2a05f787f3184ad07963caea14d3ce38429ec

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75efdfc0445a686023aa394ea8c66430N.exe
Size

71KB
MD5

75efdfc0445a686023aa394ea8c66430
SHA1

253594bb668a2e82fb9ee19c98f49a55dc543351
SHA256

441f34d82b3ef1625f424bf035b2a05f787f3184ad07963caea14d3ce38429ec
SHA512

00cf73b58a6a658d40427281c7e84aff4d7a3b5c8f498e620bc147ee7fa9a7eae2231f552f9ccb1011ac5a1ff104f96ce1dc4a1f99acf14e55401280afea236e
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/EUN6J2c:W7ZppApBULcfpHLcfpX2/Nw/NwmxBRn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3178) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	75efdfc0445a686023aa394ea8c66430N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	75efdfc0445a686023aa394ea8c66430N.exe

C:\Users\Admin\AppData\Local\Temp\75efdfc0445a686023aa394ea8c66430N.exe
"C:\Users\Admin\AppData\Local\Temp\75efdfc0445a686023aa394ea8c66430N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
72KB

MD5
99e19da13124eb4d079d26bea406c730

SHA1
3bdbf82e1b29e39d60145e2f4d55c3142b10cbf7

SHA256
d589891a8d90dae02660dce0dc7117dc1611eef241b8947c366867fed35f63c8

SHA512
df6afa977e7929f279bd55e3fbedf2bd062d2566d18bdf7032d9f4ac9552a304da600d84a92b8c57b1687d5f2b5167516c7d08ab732d0161bdd079265c75b245

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
ce410fe5004afff93f98c539f667574c

SHA1
14cce53c112ad64b78c6cb9c2578a776e0492665

SHA256
63f1e2eec843b82abeb4e36f21727f8e43df896715c867c7abad5bd9cd20be0a

SHA512
500320a504c8d551b1763f69f12580324dfe38a0b6677a1b8f81c3ab3f66099a4078f136bf8b40e3b10e3c39f990173714fe0a597f826f96279434e168de65f8

Download Submit