a9c46e8f6d9a1d486269e698175efe99e769c32af713c268889d268945558402

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51c7515437279604a66d4b7ad0e20f50N.exe
Size

44KB
MD5

51c7515437279604a66d4b7ad0e20f50
SHA1

d87cd9e035d7edca3d9913f1cfbcefef8eea8cfa
SHA256

a9c46e8f6d9a1d486269e698175efe99e769c32af713c268889d268945558402
SHA512

5b74296e65f5be0ca7f27d925dd41de88fc2afaf6c91b8d23ccbbc062d7ddce3d307953437ae802a5c4d040565d7cc01ad947eaf46e36c5cd3793b7077b7166d
SSDEEP

384:GBt7Br5xjL7lAgA71Fbhvt3wso2IOiJvfo2IOiJv1vAvq:W7Blp9pARFbheso2IOiJvfo2IOiJvN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3274) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	51c7515437279604a66d4b7ad0e20f50N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51c7515437279604a66d4b7ad0e20f50N.exe

C:\Users\Admin\AppData\Local\Temp\51c7515437279604a66d4b7ad0e20f50N.exe
"C:\Users\Admin\AppData\Local\Temp\51c7515437279604a66d4b7ad0e20f50N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
44KB

MD5
494774c6ecc9fa43860205bc1d9a14e2

SHA1
73eb6d70907f7c532051aee5ac851728cf2cd513

SHA256
fea020dd5277935c4480a6a0cc2109f0248f0650ffef7df9b483238c5f4b122b

SHA512
19e4f2f41cefa1fbb4ec87769a28a06aa0fce488be09626f414c4f2f33003c41ae483c064aff938ba949440cdf334ac8eeee87d6920605bab13cb7acf70fa0e8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
2ab1a1839d5cbff190317842d744ea40

SHA1
b1ae365d2966b90f3e800a994942f2eaa9fb6a41

SHA256
2667663e8dcd87b17a35be23c34ec1038e9c4f897874e3fa34cf12999e0af138

SHA512
e3a5c872c5a06d5e59c26df31914176a37b5c743d44c91ba0d421ea852a912c6c22c241d8e6863fba984905799934f0e609629dc08db90dddf1c166646d15c03

Download Submit