5923db14d94bb760b5b76c14e27ef5fde32fde15ea621b7d55de56e86bb048f4

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 15:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
Size

66KB
MD5

2621cc0e0fda53d6acf4bdddc8dda6e0
SHA1

851e6baed1b614e6092b2dd9e508cf3eef9649fa
SHA256

5923db14d94bb760b5b76c14e27ef5fde32fde15ea621b7d55de56e86bb048f4
SHA512

8e2ff324ae9db196d7d3463a7027f321ca40faf9d628ca369c454f14f165928f52d4826248c6f8beca404d50c9d80c4d69f8e62f231f069bc57f8e3b5997024f
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/EUNUSu:W7ZppApBULcfpHLcfpX2/Nw/NwmxRSu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2924) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2621cc0e0fda53d6acf4bdddc8dda6e0N.exe

C:\Users\Admin\AppData\Local\Temp\2621cc0e0fda53d6acf4bdddc8dda6e0N.exe
"C:\Users\Admin\AppData\Local\Temp\2621cc0e0fda53d6acf4bdddc8dda6e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
66KB

MD5
48a868aedadf936ff19b7fe0c49b8953

SHA1
e5dc0963b1346cde6f4f163f92c3446da4063a3a

SHA256
9cf166d70e6d9a00285ee2df8d4966991bcc9f397905979962c43bd415066fdd

SHA512
88e60ab588f9095634526cca3d2d1ee3e049b1c1314961c7260bfe85117b76e38c1325610eb430716479d1d57c3fa1c01a326a1d96bb1e491bdd4f24847ddcb9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
381225aab850f64d9d1874fffa6cd83e

SHA1
18a2e3b01ed5cf1a9f2edcea43a8ad12ae8bf487

SHA256
96bf5cbb2d33807a71b9e28c7902e7871978e38d7aaad2d536e6b4dd8bd64462

SHA512
2809d5f239dbfd66d31aa6cfae34e10b8a42a32ca30c1f81b7befea9e4423679cef290e8f14670323dc165d6e610ed5a8a96d5a00ee08f5a6fc9f4e7e3c3dcb5

Download Submit