7eed1bf9207b97ea0799b9d6764840998fa64dfcc4b28a310a1c6b35590e97e3

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 18:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db1c728d92e6e0adc7b303286d43f580N.exe
Size

49KB
MD5

db1c728d92e6e0adc7b303286d43f580
SHA1

2114addf7f7ef54a003a6f01bc71e778e2ba6997
SHA256

7eed1bf9207b97ea0799b9d6764840998fa64dfcc4b28a310a1c6b35590e97e3
SHA512

e022b0c6c85f8ab01a85584196a38e98a39d126cb2c0ed923a343f03df6680e3fe6ca519e08f6905c9ed53a1492b99429d634afbcbb0d5e74553eaf5cc9bfd4c
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSwVEVrTfdi1x7Tfdi1xm:W7ZhA7pApM21LOA1LOl6vSBTo/Toq

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2906) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	db1c728d92e6e0adc7b303286d43f580N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	db1c728d92e6e0adc7b303286d43f580N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db1c728d92e6e0adc7b303286d43f580N.exe

C:\Users\Admin\AppData\Local\Temp\db1c728d92e6e0adc7b303286d43f580N.exe
"C:\Users\Admin\AppData\Local\Temp\db1c728d92e6e0adc7b303286d43f580N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
50KB

MD5
d9a5f1f8b3cc7e717b85b73219e7e711

SHA1
26f6cffd860b9c2a69159e4c33260f2d8a98b108

SHA256
cd182285e9d028fc575abedc91f071bae2bb2da6a2af40f895b7a9dc8a6d193a

SHA512
a304927ba1ed24c4a696c839e31013ffb55cab3648eb25310d1738823686730621ae35e0d9e68ebf981c5e157feddb840b8fbac34e2058802782ed0fae7527c5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
8c84b29948d5e725f8b62a4543ac809c

SHA1
5cbea6d110b75bd3dad2c7a81e6f35a2602f3523

SHA256
2b9bb0116bc4db2e4ee7aab119f4cee310ecacf496cb6b752e05ef01eee87ade

SHA512
01f2330eb5c6881f59c46f07ab7d6793ccb3581ebf6544121b2c6fdb7e897dea1bc4eaa5b84558f0cc5118df0fb3ad7ff4cb8acc157a30a90eb0a0dce4146025

Download Submit