3a79c22de6144d9ecc4a5a48ed944b4ffd4b5214ecceac5edb6868fba0ef97c3

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 10:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a7d2101c8154f1dff617cb0a49aa8f0N.exe
Size

41KB
MD5

2a7d2101c8154f1dff617cb0a49aa8f0
SHA1

8f9247ebcad94bef07306c420dea1ad1b71525d0
SHA256

3a79c22de6144d9ecc4a5a48ed944b4ffd4b5214ecceac5edb6868fba0ef97c3
SHA512

69b174510f1969f8a90dd20e768274a871356e33ec6678b857fd364145087f7bed44414681dec821c8ba1651e3e7802efcc07bf2be1638adfd1d1ff5b4a1e39a
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v7b22vZ11F1pJ3P30k:GBt7Br5xjL9AgA71Fbhv7bhvZ11F1nPV

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	2a7d2101c8154f1dff617cb0a49aa8f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2a7d2101c8154f1dff617cb0a49aa8f0N.exe

C:\Users\Admin\AppData\Local\Temp\2a7d2101c8154f1dff617cb0a49aa8f0N.exe
"C:\Users\Admin\AppData\Local\Temp\2a7d2101c8154f1dff617cb0a49aa8f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
41KB

MD5
2e7d43a20ac83987b6858038b6b8f24d

SHA1
88c669d787467fff2283251bb759e11be960c61b

SHA256
69ec5d7f84e6a47824bd47484eb22a7641c2bf47e74e826ba1ca6068b0704a39

SHA512
07fc8b7fac2144e08d6782fe00d6c3ddb25465515d19b4d46fd6e5f2b683d62f6ee86c43e8b3f12ffa8daf1816c86cf38fb6388e279eb4a9a4f67f61c3835aab

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
8ab18096a4e463f04a47596b59d1b31d

SHA1
bdcb13b6b7e5e5d8ca513769239402cda2732834

SHA256
b131108fbf827cc553247b8c82c5af73047f9623cf2819fa6421a54bb7297a23

SHA512
a094c417e68a0d54c727d0baffadff3306e9681f7d939abf147f65081a456a8a450f6914c0487e390b7fde338207de858d45d68c9244ad6ba739067a71864ebf

Download Submit