bb7201dafac7b6c58d0e5176c9ff6d8f3873cd3121b56229630fe68b499400dc

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

707c02f41a38c677c0010fa9c283d200N.exe
Size

65KB
MD5

707c02f41a38c677c0010fa9c283d200
SHA1

955b5640831a4b88f3a3959ec7218475811b2961
SHA256

bb7201dafac7b6c58d0e5176c9ff6d8f3873cd3121b56229630fe68b499400dc
SHA512

8cdf03c59985c803fee37b78291df114f8962c4034cfaccc3817af45339f27889f99f93b827dae46aeddc3f72f63d4627f53a51fc49aadf6ab1de05d835b5ac1
SSDEEP

768:W7BlphA7dASbSjJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiHoGopdwEbdwE0wsItH6Z:W7ZhA7dABJJ7TTQoQIdwEbdwEZsItH6Z

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3091) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\MoveRead.emf.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\OpenEnable.jpg.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	707c02f41a38c677c0010fa9c283d200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	707c02f41a38c677c0010fa9c283d200N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	707c02f41a38c677c0010fa9c283d200N.exe

C:\Users\Admin\AppData\Local\Temp\707c02f41a38c677c0010fa9c283d200N.exe
"C:\Users\Admin\AppData\Local\Temp\707c02f41a38c677c0010fa9c283d200N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
65KB

MD5
bf54ea5bd57585a2861d8306a9aa099e

SHA1
9a55b855119be3980d7cef84d4e61cf4ed0ff5ca

SHA256
9f016bdcf80f5ce27a2662888e6b93ccb6a6c01b4c05bdb51abf63df5e0b960a

SHA512
45c51be1cbafb8106da85101eeb9b691cee6f09158f69a810c4a01c4bb432b3a0a10a5b62c7e30c3050ea4f45c473b38e63ab2e58922575414725b8ce5192657

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
4ab890962bc06495e3dc43ad65008870

SHA1
b335b13ad87e1284e5f61a918feaa142f345c820

SHA256
0678532a153aff9b92c56331803792b91fdc1e9ccb6a2de422e6ce93bc33f324

SHA512
18ace4e95175434f9b5f7ec03928eed357298e6b58695387ba321fa9314f134a3d669f345c6985d433d844fe043a44a65721cc0a5f56e6612fe0f240e607229c

Download Submit