cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
Size

90KB
MD5

0db4cfc400a00f8a93aa2883b44d73f2
SHA1

0b086343d24db34d6d6298f7780f668a7f829c29
SHA256

cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9
SHA512

532120ed3ccf97b8bd6c577a5bc0d7b144f87ca966c58993e4a7ef2373feb2b1113338e9e440a0abdcc6758249c4e486fb4a146a2e5fde34fdde7c80dc547769
SSDEEP

1536:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSx2SXN:6DWp7W526

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe

C:\Users\Admin\AppData\Local\Temp\cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe
"C:\Users\Admin\AppData\Local\Temp\cae353bf10bf2f1114dc656b4fe467333e67bab7a54a637379e004c74b84ced9.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
90KB

MD5
3991546bc53373013d67b7a8e42881f5

SHA1
5f9a2d58e7cbf931103745ac2c04c170bd74f90d

SHA256
c88db90ccbee1ad3b607954e1484acd759248ccfadf1dd9e4b7482a2a715abc4

SHA512
93c64b18335d05ce4e8064fa8c9463a4d47eefea3f19650625d186e62cb86a8880440e63160b4da598dcbb58213f0270802ca3792d73329e69c6a52283fe0eeb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
afe2d5f82fe281f6400ef1e7a61745b4

SHA1
df83750057f6f83a1d425bb3f7d56cdba6d4612a

SHA256
515a8357a120d58a4736519a0bf03fa1476a39ad882c82894067c4de061cc2d8

SHA512
1d79955528bc649cd4f83a47f1a69703aea095d7f4e63ccde8b81cba218e991ed473990ad30264f0169a60f08ca9f3c866521cce5c1584a47836cf4ff5b4e935

Download Submit