baf5d61fa94f8a9a113e22061c02af117d41ddbcf2ab3c40ac63029e25f8d71e

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ab9ceebe28c6339487bf0fa0e341870N.exe
Size

54KB
MD5

7ab9ceebe28c6339487bf0fa0e341870
SHA1

61f033ec35f3fa7e95f5deb22a04492e9b96dcb7
SHA256

baf5d61fa94f8a9a113e22061c02af117d41ddbcf2ab3c40ac63029e25f8d71e
SHA512

ee113bcca7f6174c5e8869108f74f4fd0889ea9e6e82f8b8597195bb48116fca0f3c942d7fa2aea40beb0e4dc1b5195b73bd7bef010dd1102f0e1ed62ee5efe5
SSDEEP

768:W7Blp2sspARFbh5YSfffynfWK9WKWQFLeoVERZLeoVERR:W7Z2sspAp5YSfffyneKIKWQyWR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\SwitchAssert.ppt.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	7ab9ceebe28c6339487bf0fa0e341870N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ab9ceebe28c6339487bf0fa0e341870N.exe

C:\Users\Admin\AppData\Local\Temp\7ab9ceebe28c6339487bf0fa0e341870N.exe
"C:\Users\Admin\AppData\Local\Temp\7ab9ceebe28c6339487bf0fa0e341870N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
55KB

MD5
f6c6fa72d7bb35b623d3806943b27378

SHA1
b78978c90e273e38e392f88e554114ab45950829

SHA256
c0c47c6f119459e4af467419568bf395d1afb2878adebc19ee88c741c5ce453e

SHA512
d54230c915a0be2beed7a9988fab0fe7232e1c29719a8bead9c54f069a5cc6fc6780452d4600eaef0a187ade2aa2ae87ff7873e50a964caab72f743c003097e8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
05322a0f91fdf01e0554faf4ba3df7a5

SHA1
beea09cd17c2eb59befa8d1a639a043e83e12aed

SHA256
f79db7143dda1d81f32b0738241d1e7e901838b12f665e8fb22d3ad29c571d27

SHA512
5a46f2c6a6e4729a1cd1beb0d67b45f1a9c8cb7603f744e07a0b4e851d037a9be61cbf6dec80e44b9bb6f315643e6e0ec6012fc224d3a2bbd1a02d7a17958f74

Download Submit