980bd8cb442f5b771362babea4b6b1b9bee582569854a48b3f6c96eb4995b396

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

232c59784d50a8ee5921bb0950ca9610N.exe
Size

133KB
MD5

232c59784d50a8ee5921bb0950ca9610
SHA1

bcf404082073c4c007796f14ad02185fbd5facd7
SHA256

980bd8cb442f5b771362babea4b6b1b9bee582569854a48b3f6c96eb4995b396
SHA512

b5bec208708656d102d5fda6c136e567805022d2f7b6e5d3e8bcd3ea1f3bbd15741018af79cce017c8a48349cc285ee15f9716f0b596ba937ecf99c9cc9a26ec
SSDEEP

1536:W7ZhA7pApMaxB4b0CYRHyE2ncwEoh4WXW5lhyYrq+gykkQ4y9ctO:6e7WpMaxeb0CYjm1Jgqt+JkkDyX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2873) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	232c59784d50a8ee5921bb0950ca9610N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	232c59784d50a8ee5921bb0950ca9610N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	232c59784d50a8ee5921bb0950ca9610N.exe

C:\Users\Admin\AppData\Local\Temp\232c59784d50a8ee5921bb0950ca9610N.exe
"C:\Users\Admin\AppData\Local\Temp\232c59784d50a8ee5921bb0950ca9610N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
134KB

MD5
b1b97c3e71ab5bd8720211c371405517

SHA1
718a7a6ba9b3a9f77d31a917781f963b2ca5459d

SHA256
b85ca47b7723b3c0ab7f264739917c8c3beaf362649b373c69df4421d4679368

SHA512
3d35cfd86a0eba2375b685110f8de6a6f633ea172f56b1ed23ea10249b390ac0aa6b64ce541a252aab0c4cc81aec0a3c609d95aef05e054f83fbfcff6a7603d8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
143KB

MD5
9753f38ef8475188499186e6fdefd0cc

SHA1
339eca8358b25d38cfaaf1d68dc75b0b13d7df58

SHA256
6b0cff7c2787ceb6011fa311c0e492a070e897fadcd8e6918b49d8c4951f5a72

SHA512
580b461f19353806d20e04b39e4657edb5ba36d8d396038b1efb08548e799c4c7b40b4e133755e9ad89d82998706c4053261ecc71670e57da53c1a5b9751391a

Download Submit