7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
Size

51KB
MD5

59f1e3d6c87c762a19c83d8cdcecae1a
SHA1

dd85a1e525295aac44810e1d2664edc68d388070
SHA256

7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867
SHA512

2eb96ec76b3ccdd87a6c02d04e3a5e69448f3369333c53cfa373a70d31c1b2ff9ff78541162401d4137573ac78a137a06c45c8e00f8fc03cc24d6294f85abdb4
SSDEEP

768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKe6:W7ZhA7dAIJtvXtvt

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1030) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe

C:\Users\Admin\AppData\Local\Temp\7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe
"C:\Users\Admin\AppData\Local\Temp\7b522288690655553549ad385de5e31a61d9bffb3630a06efa43b90cecc10867.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
52KB

MD5
f7a799cb7db191231b841acd4398c19a

SHA1
cad8be604128a75bab2ed0072be3dc12c95f5c6a

SHA256
001465bf620964ed333b1db3a9036e272896fc118cea476394e7c8e71eb98345

SHA512
a01bcea1ce52b639e9dda4a847167add8dc79df14031c4372fdbf8573b5612995d8bf9d14071cca249798c43b7036768d2021f24b8e0641a0eec05e3af2ae316

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
fff285260af2a783eb5294766eac666e

SHA1
24e7fc7e0c2896d0f0d11efac8f3b15ab9bcc84d

SHA256
c27ea4b0500dd4f2f4cb29c2363564655ccbfe949aad9e2fa9b4df86af28ab7e

SHA512
75d604ecf5599d47fc9aae58927ca9cd5c6a4d96286e39b380c7e6a10077e82b3a954a1ac820349f00b099d5557b0cfa34d1d3233e0df9dc3ea77d354c97487a

Download Submit