12ea4edf7272122dd2a789aa67dc7a2dec70eb86664c6833804e37ce4ba259c5

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de53c3f5d1f7b1de2ab00682d104b6e0N.exe
Size

49KB
MD5

de53c3f5d1f7b1de2ab00682d104b6e0
SHA1

eb321daa2e57874830ff0ddae85672a47798d8d1
SHA256

12ea4edf7272122dd2a789aa67dc7a2dec70eb86664c6833804e37ce4ba259c5
SHA512

a61eca5b732aed14636ed835569bdb6ca3e27e14f236b7cda9caeefa910d3025d8a1b270f3ce48eb79320f7a4cc3b6c4cdd051738abe18f909e31accb0f31ea2
SSDEEP

1536:W7ZppApBULcfpHLcfpAfxRfxuw1wSY6IY6UPV:6pWpBwchcKf7fn2C

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3264) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\ResetInitialize.midi.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	de53c3f5d1f7b1de2ab00682d104b6e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de53c3f5d1f7b1de2ab00682d104b6e0N.exe

C:\Users\Admin\AppData\Local\Temp\de53c3f5d1f7b1de2ab00682d104b6e0N.exe
"C:\Users\Admin\AppData\Local\Temp\de53c3f5d1f7b1de2ab00682d104b6e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
49KB

MD5
042f596da6a86eaa5e3554f1d5c1ddf1

SHA1
53e0a3f07d163ca6796d2afcb5af8da15f19fc31

SHA256
9da120429afb60001df27eaedb2ce2baaa43808d9b2bc9838fbebd4975e31ea2

SHA512
54094ae78dce2b8961576e04f06c70a9eb3fe9fe464d37568f81ec19eee115219987c67b8799ab3f381f3ad2b3913b93096b9986d533df225f5d2429b7b89b33

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
739222698e6fbf76ee2979216565888d

SHA1
329de5ed11d7b0f0dd957fdbb486f840fcd3901a

SHA256
453f778c294866f9dc82752d1aaba354a446dcb4d70d6e2c2e58079839f6a44f

SHA512
9a220ab93e08660ff9729410aee4752e7d3d97f7fd175ebfbf209851bcb73aec41fa826010b8c967a91bdff5f57733d56c3dd06750f6ad5b1660897816ccbf4b

Download Submit