e38101985d9ace9c8408d1656c7ee74544b92178d80fd5b89c4d4a9f3d0851fe

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ddd070df51df08a337ecc2b70b38d20N.exe
Size

42KB
MD5

0ddd070df51df08a337ecc2b70b38d20
SHA1

b1a53cd2d15e0ffc9aac7eae486944ddde524a92
SHA256

e38101985d9ace9c8408d1656c7ee74544b92178d80fd5b89c4d4a9f3d0851fe
SHA512

d715f96d6c9fc0504a86e740d2fa8ecdad614ff6dd26d9ba2ba15b272548a38cadc537e92c0a7a9db545658bb668681e3e2604f7706f8bd10544dfc0746e9f46
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/FzzwzfgQemyq8gCgQemyq8gsV0v:/7BlpQpARFbhNIRynybV0v

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3138) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	0ddd070df51df08a337ecc2b70b38d20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0ddd070df51df08a337ecc2b70b38d20N.exe

C:\Users\Admin\AppData\Local\Temp\0ddd070df51df08a337ecc2b70b38d20N.exe
"C:\Users\Admin\AppData\Local\Temp\0ddd070df51df08a337ecc2b70b38d20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
42KB

MD5
e264462f01228ab751d8488f642bbb8e

SHA1
8ba00a3cd7ee5ecde64a60b840916d1c40b2555e

SHA256
eb028c3d6c62ca30ab650a8b03fee318166335a42db27ffb9320292187f3cb2c

SHA512
8ac1fbf29480bb0b859253c577f9b6d514718ba4e145be5454330ee4cb6e46747aa9a00e094088e6e222a26c93c73d63408d25168fc34bbdeecd8ff3055ca98b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
d71b24858198de310066dbbdca01d89e

SHA1
61e146b55c9fc306129bfaf2ec937a3721251c9c

SHA256
30838497a81abbf25bc31dd36d5e79bd3b2d72a97cae793a681faa0ecc2f0d99

SHA512
9782f628f9562fa02d7301791429c54adb33a462532dc38419c0c75c3168d5f4911ebdda46c18a06ebedb72537c7338b026ea2ed9cc4ba977b9c60f62b734516

Download Submit
memory/2360-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2360-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download