0404e02c6c84d0982f7a11b2fb3c2637351407078e5bd1d2fd4184254ec53dd0

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 02:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

39946a4e1735910e7be9cf80a856ec90N.exe
Size

82KB
MD5

39946a4e1735910e7be9cf80a856ec90
SHA1

984d1a5cb09bd69dfdd8e15baffd1471572e4cc8
SHA256

0404e02c6c84d0982f7a11b2fb3c2637351407078e5bd1d2fd4184254ec53dd0
SHA512

88e6c4018eb71df0236cce1298e8b94dbb2bcc9446e3ec5c308f937262a171b113eee0b051d180f62e26be3ae42d8747cfd9172644661afdafb826352c182208
SSDEEP

384:yBs7Br5xjL8AgA71FbhvJUfWGUfHjtmjtd5NaMR5NaBQNNmPx/Pxx:/7BlpQpARFbhiWb8naOnaBGNS1T

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3080) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	39946a4e1735910e7be9cf80a856ec90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	39946a4e1735910e7be9cf80a856ec90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39946a4e1735910e7be9cf80a856ec90N.exe

C:\Users\Admin\AppData\Local\Temp\39946a4e1735910e7be9cf80a856ec90N.exe
"C:\Users\Admin\AppData\Local\Temp\39946a4e1735910e7be9cf80a856ec90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
82KB

MD5
df05508c6775035170f17d9d830bb9e1

SHA1
5249253d50db5863e53e4d1f1cb08b7dd0167aa1

SHA256
f2bb6e69a048c81aa365911586edf55ee83471779bacfdc171498a750ce78a89

SHA512
ccb5eb179070baf69991e18add5854eb04981af502cf8ad3f96a4a9ccc3091bb167402fb0b364da086c4b33395a8771a92707d4bdf4936c75b675b46b2f50ff7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
f76c598a5fe112007e5b8e624f7782af

SHA1
f294900de17ab5ea8494e2c60bf8ddb9db7b2a00

SHA256
7892e022e148daff92dc30bfcbde8a916b3a21c7f44ad7e1ee3b5b25f7a1b765

SHA512
81d4a7639503c2f675a1dbe87762e47bf19f5cd918c1a62fbe7c36c5605c75644304ab5ecb290f35cfcfa7744bd9ec46a0f2cb295ee58c1ea7cdec80d0e1b641

Download Submit
memory/2148-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2148-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download