47873126bd49e39e57fa019ad53b5e82c57328bf8e0cb1316c15c2404b2f0737

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 11:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

156b8f1635681b835b9995f5920d5b30N.exe
Size

48KB
MD5

156b8f1635681b835b9995f5920d5b30
SHA1

38cda631e8784d4b799f1a92cd014ad788b0febd
SHA256

47873126bd49e39e57fa019ad53b5e82c57328bf8e0cb1316c15c2404b2f0737
SHA512

1b104f1c5ce5bc8521f9a2bd23d72342d215b3d0dda3e6f94012719ee7b1c49d0ce4fa0646982d4af00ca7863542dabfd9c6ef1da1e06e5bd5f44e03538648e0
SSDEEP

768:W7BlphA7pARFbhM0KW2s9B4b09Xgd7jylZqzpvfw:W7ZhA7pApMaxB4b0CYZ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3149) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	156b8f1635681b835b9995f5920d5b30N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	156b8f1635681b835b9995f5920d5b30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	156b8f1635681b835b9995f5920d5b30N.exe

C:\Users\Admin\AppData\Local\Temp\156b8f1635681b835b9995f5920d5b30N.exe
"C:\Users\Admin\AppData\Local\Temp\156b8f1635681b835b9995f5920d5b30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
48KB

MD5
fcc159b76ae072b06b068816953cb2f7

SHA1
f6926d728c900f4b9a34990ac4bc182332f6c605

SHA256
7b96525efa6d85042f5192202ad91d792d957c15089687310051f10f77001391

SHA512
0a337a20985534bf09a3a2f500e196a2db4c5bdde48c69c9adef11dfd3d2b88e6530ab27ead9f6ddd334704080b4392e4674238860d5f6c8fb90fb5e28717450

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
fc83e3e45256653f6615c17331159c11

SHA1
a2345129c644007e187973a926c650c2aba4bd71

SHA256
57d079d7ca1e7e1efd028ed86b77ba6c7caa6f123d9078eb42b0f4801b6aaa18

SHA512
c94de4aa2195cefa97a6ea71d79166c0276eae526889ed000a2cf7932d950528806fdf1fbfb481aae28170e00c6f78680d283763f1281aa6e353d194dfffc5d9

Download Submit