31b7bd1ddb63dc340083afe612ce4320b4296403e79784f1ae5c5ba6ad1cd07b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41655a1e9954303ec5afe9452dced220N.exe
Size

51KB
MD5

41655a1e9954303ec5afe9452dced220
SHA1

9a068c2f584ac7886f81540676147e9d2eaca19b
SHA256

31b7bd1ddb63dc340083afe612ce4320b4296403e79784f1ae5c5ba6ad1cd07b
SHA512

5ca7f92b8c546fcaad68c97959b2c2f1bf0552f520a10983fac1a614f62d014638c8ef1daee4db4c81cd6bca8d00e6978876bb19571d9f572eeb5b259995aad4
SSDEEP

768:p7BlphA7dASbSLJJBZBZaOAOIB3jM2jMO/vY6q/Gum/Guj:p7ZhA7dAxJJB7LD2I2IGYM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2841) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\CloseJoin.pptx.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	41655a1e9954303ec5afe9452dced220N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	41655a1e9954303ec5afe9452dced220N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41655a1e9954303ec5afe9452dced220N.exe

C:\Users\Admin\AppData\Local\Temp\41655a1e9954303ec5afe9452dced220N.exe
"C:\Users\Admin\AppData\Local\Temp\41655a1e9954303ec5afe9452dced220N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
51KB

MD5
433eac246565cf564d72f052ce3ce35e

SHA1
2180c93d5798b88d991948d8588338bfaf234512

SHA256
b4272a4c84e18b40da186e7f2df06fc6ace3dbe1aaded0c3cb3e4d01a6c4ee7c

SHA512
17e5c48243e48c8d2dd1b2184917e09e78e6f066017315aa5a9a4f2a3510f12452456c7136593ff039fb9ad62f0922de7d30a1ed93f8aece1f57e10b8fb11318

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
50c187c7ad8a690e14a8de9a4749ad35

SHA1
d9d49c6d144b4cc6d841acc47aeed29c19df9119

SHA256
c7642edc6cb4a2e8c31ad8bbaf592aa3d48d0a9287b7c5a94a79377fb01f21f4

SHA512
f1f8d94bbb6b302f8dc41c1ed1ee4edd70c9fd3e58961b650cce42d7cdbc765604b282f7029160fcb0c908877169b79bbb13eb1efeb231429aad79f7cfa36921

Download Submit