f13e0423f923fef4b39d4dbc4fae5a69eb8adb1bb9fca95962ad6cb63fc8119b

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2e563b41ffaa1b58153e212a0205930N.exe
Size

146KB
MD5

d2e563b41ffaa1b58153e212a0205930
SHA1

ca0627aad2a26d91027880a3666bbed9934d4b6e
SHA256

f13e0423f923fef4b39d4dbc4fae5a69eb8adb1bb9fca95962ad6cb63fc8119b
SHA512

d75da89b46e311b4420b528a488eceb28c537fedd59fd8183b072378a66936c196d9b9c31774e616786b72aa857bb4f4b47037debab25adf198cd37319172c48
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7f/e7WpMaxeb0CY3:RqKvb0CYJ973e+eKZOf7fWqKvb0CY3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2841) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\ConvertRegister.mpeg.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	d2e563b41ffaa1b58153e212a0205930N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	d2e563b41ffaa1b58153e212a0205930N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d2e563b41ffaa1b58153e212a0205930N.exe

C:\Users\Admin\AppData\Local\Temp\d2e563b41ffaa1b58153e212a0205930N.exe
"C:\Users\Admin\AppData\Local\Temp\d2e563b41ffaa1b58153e212a0205930N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
146KB

MD5
5841221b3c05a0ebdb53627f0d80ebf1

SHA1
4ec1a8cb0d3569bc84ae4be6ecdc7e3d06149726

SHA256
f3aab53642a236ad3ee93f5a318b6703d6008f9de5535f2913b653afa3b35ecb

SHA512
1112f2a897e83b9528d92c9fc92b90726841df7b0b650979eca33b5644eddd97b7c8a6b8308ff9ae62d9be706c48b696e4c3ebb85741a0b0debf23e0db12fff7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
155KB

MD5
c6e8d54342b326ab89de28fda53f14c0

SHA1
6fa0f0b4fd9d7860a208887c3ac5856ec3b32690

SHA256
f2abc21eab48f6c20f85b4c9133c1ab2faac74e6377f5627a9839f372999fe56

SHA512
83ff56c2a0e61d7fab4412062afce33beae96b0a7110662abf0287f948049c0724c1c7e5d20fced1400671c43a2d93e16ab7da69500ba67612fe75865f79d9c2

Download Submit