d0c603436bc725a9ec830c064e60fe8fcab187b31f44434bfbe12ccfc08e2da3

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94cb13a9e7b34055edbcd7fd5e6ca470N.exe
Size

86KB
MD5

94cb13a9e7b34055edbcd7fd5e6ca470
SHA1

77a6f2fd7ba3b6aef77d140d038739078ea5bbdb
SHA256

d0c603436bc725a9ec830c064e60fe8fcab187b31f44434bfbe12ccfc08e2da3
SHA512

fc57eeb8821baa067e577ef8875407f42276a1c245ecd96a99881a2dc3e5134e682cd50e1bb219144afd3a6095ef06c7f72e7f02d8734f1fb5be54dc9e1729fe
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvapBpYYpSZSUabaT:6NLWpCZIzjwHwlabaT

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3081) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\CompressRestart.jpeg.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	94cb13a9e7b34055edbcd7fd5e6ca470N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	94cb13a9e7b34055edbcd7fd5e6ca470N.exe

C:\Users\Admin\AppData\Local\Temp\94cb13a9e7b34055edbcd7fd5e6ca470N.exe
"C:\Users\Admin\AppData\Local\Temp\94cb13a9e7b34055edbcd7fd5e6ca470N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
86KB

MD5
b7607b61304087ef26803cb03e90cf0b

SHA1
7ffa6860c6816d88157fe214645fcccd38a32e6d

SHA256
cf9e4e12fe087974002d5463583ba0752f4210c122293b8e07810aec951e27c4

SHA512
d108851041720af70d5b036e042f66b27809d428812ebab93b1ca58ce3fdda0c932c4c52e6ceb25e1401d61940056abae9081cb08c86059f6eabe0e97265f4e5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
8765328dfa41edfaa97f01bd8a36e6ec

SHA1
e9660a85342d87e865e0b37288fc98ff639c6329

SHA256
0f950659834eca383602dec9f52f5b4c2c983e26c6a50d049b4be336ff1bac9f

SHA512
76b3cdc4ade2405cbaf5af7abeae9d2c3ab9bd75603777fb7ba8a021a02175f3c677d5fbbb77d04bcd87db243107c70cd695f0a9c770b0389ff8cfc72fe50080

Download Submit