3021430df6c7a655f408de89c4386947bbb316c87cebc1dd40e38fe679c6ed36

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

defea4a2acb3d800a085bd2272c2f1b0N.exe
Size

198KB
MD5

defea4a2acb3d800a085bd2272c2f1b0
SHA1

77be4771452478029aaf9be708020264fc2411e9
SHA256

3021430df6c7a655f408de89c4386947bbb316c87cebc1dd40e38fe679c6ed36
SHA512

3a338fb1816d46128caf2d8fa745e5d6f7d57bf4ee68928c28fa24e7ee579e7a40d2f90e3a899ea4d53ba0c4454ad1f20303e03d7579a29cd7a16e733b8cab35
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzku:RqKB+tOkWKR0iJ0lTzku

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2786) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	defea4a2acb3d800a085bd2272c2f1b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	defea4a2acb3d800a085bd2272c2f1b0N.exe

C:\Users\Admin\AppData\Local\Temp\defea4a2acb3d800a085bd2272c2f1b0N.exe
"C:\Users\Admin\AppData\Local\Temp\defea4a2acb3d800a085bd2272c2f1b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
198KB

MD5
9ea54252332e2a838977da27613ecdad

SHA1
e3b5ec542241501677eb2f7d8ee94ae73d81b10a

SHA256
0417bf70bb28170757a3507ddf058d3c2b94e23f98019dfcaecb7502a6b05332

SHA512
b304af99cf4ca5b4d5b5579bb7916644bab49258fa6bc5d839c1e72e959d4f2e4c3e446dd64a43d4d8cbe231bbd9404cf73944485de8f5a63b4ee6dd98f26b5f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
207KB

MD5
6b19ab6ff680b18bd0d19f3fec083d3c

SHA1
3c48a485eb8e674c4a568b7b875c99853d6a11d9

SHA256
52afdb1986695a748be8580c51f96b5dfb657b0c85416a9e953bca156ac18b59

SHA512
92b81692acc7fac3f37c40b23f3f7da4588bf3a52fbbc48ee383fd472962b9da6f5d261db5448d135cb235664d3fa30a97110963af0021b087b7a5c869c82c7e

Download Submit