43b07052d2fc62f3174c1a819bf00666c4a4a6a5f8b069c1cc11a70d85360daf

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-09-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

858da43736fc1ec0ce87c0072af030c0N.exe
Size

52KB
MD5

858da43736fc1ec0ce87c0072af030c0
SHA1

bd326794db082f00dc8c700b538747709c640bb9
SHA256

43b07052d2fc62f3174c1a819bf00666c4a4a6a5f8b069c1cc11a70d85360daf
SHA512

8531fab9619da8273b4f0cd1e72b5f227f125ac0548806d649acdb3aa5890bccb3ade4b12d8616a968d9ce55616c96562e7db5032766f3eccbf08d0c59ebdcf5
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy/VeSFgZg6:W7ZppApyVyjVy/ESFgZg6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3247) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	858da43736fc1ec0ce87c0072af030c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	858da43736fc1ec0ce87c0072af030c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	858da43736fc1ec0ce87c0072af030c0N.exe

C:\Users\Admin\AppData\Local\Temp\858da43736fc1ec0ce87c0072af030c0N.exe
"C:\Users\Admin\AppData\Local\Temp\858da43736fc1ec0ce87c0072af030c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
53KB

MD5
dd8478a5790f91c3eb7529c079be0153

SHA1
04e4f812a04fe81cfa2ec6ddb79a714f3f21f26c

SHA256
02cb65df6a8844402ff1a54b174a9f8d871d1bffa1d65a5d1c066f7766939c25

SHA512
d10f8640325f449168624c1758fd57fcc26779963aa691df0811faaf10fe2f12ffd9ce659a54fd45902dbdd93fc5af5b7b1d96f3027f77b72add5a8f984c6482

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
b7f6fc197e4982d831edcc5b0879b064

SHA1
99d92b7bb63360d45159093a0034a71d28ae69fe

SHA256
bb82d414c60e798a58809e795ea9d425425ea16a83a6c07bf478aeddeec1acc1

SHA512
92ee4688eca4dbd43dee7d896f4c67ab97d6bfb85ee9dca29808a3e17decb0f8ef061775c3748c77f72513ff143e4d6bcb7a8e2c39136cc31a4b3239992e5b82

Download Submit