4ab318d8af667020164b8656ea6c8808bc8e7f176193a10ede6dfd21b0857d4f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83db1095afd3f7dae51b2f7db317dc20N.exe
Size

46KB
MD5

83db1095afd3f7dae51b2f7db317dc20
SHA1

5d217994b95c4c765cd2e5e632364a1ccd2986c6
SHA256

4ab318d8af667020164b8656ea6c8808bc8e7f176193a10ede6dfd21b0857d4f
SHA512

96539f1df3f9eb585cdc340e4b53c49851d136b2d4b66e322f22c88e52b848942f12bc713fe09d7641496c337f32ab51a0dc901b1f0e8cc6157574bad0608aa8
SSDEEP

384:GBt7Br5xjLdbAAgA71FbhvU8g0U0fLMzyKbNzzyKbNWkq3DLXakq3DLXGbg142NW:W7Blp+pARFbhBgnKLMWK9WKD2N2w

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3339) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\TraceSplit.vsw.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	83db1095afd3f7dae51b2f7db317dc20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83db1095afd3f7dae51b2f7db317dc20N.exe

C:\Users\Admin\AppData\Local\Temp\83db1095afd3f7dae51b2f7db317dc20N.exe
"C:\Users\Admin\AppData\Local\Temp\83db1095afd3f7dae51b2f7db317dc20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
46KB

MD5
4e221de9bcc409f8394158e526c3da11

SHA1
06890536a5846441c6361a3d7adc2333718faad2

SHA256
b10e0097fdaf3c957d6d5b159c6e2a97991a8297f4aff4b96b1f96b380034a74

SHA512
a4ed457cb413b57fbdc6678989fd377221a75081c4f3b98dbe2f08cccfb9ee13ce1cc0af2edf5bc1727627b49dfa103273354b6b35c7d3cdc98ef6ce35a93942

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
70b3d63076aaca61ed6fea0694026691

SHA1
076ee82a5cea18b64a63650f822f87f9c09a77d5

SHA256
97d9b96b3e83e02c4379795bc683f20dcc75787b73e51ef4dcbaa971088dc1bc

SHA512
0fb9ef6dfa050801029b08530c001040cbd2549fb5d1c0f26bf750af40e6024ebaaa667bf466a49d77a695ca818df6fb94617fafac650193eec2ad817fc15010

Download Submit