4c982b23679a7c6a3e25ebb5bec66ea84c680180643f724b6245a7ade96111b8

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88aca0a893eb3a397efd9624a0b1b160N.exe
Size

190KB
MD5

88aca0a893eb3a397efd9624a0b1b160
SHA1

ae109ece23d97d5461f4aa30354fbb0df4a9b1dd
SHA256

4c982b23679a7c6a3e25ebb5bec66ea84c680180643f724b6245a7ade96111b8
SHA512

ee2e5ac0ed16be1df93cd915c52498114e0e91893dee9fb18fb8f4c6d08bd72d152fd71906e9b4b9f79dbc98ec4d38aa402af894e400fbd9549177a9407648c5
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBgnW59XGww:RqKB+tOkWKR0iJ0MnW5Eww

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	88aca0a893eb3a397efd9624a0b1b160N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88aca0a893eb3a397efd9624a0b1b160N.exe

C:\Users\Admin\AppData\Local\Temp\88aca0a893eb3a397efd9624a0b1b160N.exe
"C:\Users\Admin\AppData\Local\Temp\88aca0a893eb3a397efd9624a0b1b160N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
190KB

MD5
96f023023cd50f95340fa514dd2fae2c

SHA1
05ee410577ffba0a3d900dbe34cee6f09622c212

SHA256
7869ec25d5b3a9290b717249661a6485911637e686cbdbf98e2e87a7f04e2c81

SHA512
a3104dbc79c6b21e583ea7cd19006c2c32078fef907deae0ff3861787da885cafeecea3e20b49ecab810ac199132837742060583220557d49b069fb29e282d1c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
199KB

MD5
6828167e795b2156450ffb7a2170f27e

SHA1
9baa8c2b4680a37de844d6eff700c7b499348c2e

SHA256
4135b35c36b46a1487108e830021a5083618aac0f4e6a66e6e3f1d23b3a8e2a0

SHA512
766aa61f67e2cae6e8550e91a65ba2e104af49f8298b8f38922d4dbbb7ed1cbb12506c4761964e924eb360ae6f59907604f81972a8d1b01182b8ff7c58a0be10

Download Submit