7214080e6c5017e6cc075d2a868f00f647486aca10c0fedaa62ca02cdfef3f2e

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15b2e189a5d544eb3b35fdf206061270N.exe
Size

40KB
MD5

15b2e189a5d544eb3b35fdf206061270
SHA1

156ab479917f5ea487d022112782ceeecb723219
SHA256

7214080e6c5017e6cc075d2a868f00f647486aca10c0fedaa62ca02cdfef3f2e
SHA512

d7c439992e052232e25d9f1ac1afb3dde0a3215dba9df0cceb14d49761b399ecde0266e28b36f05203e6d5b7fbdeb639952daa7b102cdef1bc38d73916fe3c2c
SSDEEP

768:W7BlpppARFbhjbhPKueKudLw1LC5XQozeK:W7ZppApB785XQoZ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3459) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	15b2e189a5d544eb3b35fdf206061270N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	15b2e189a5d544eb3b35fdf206061270N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15b2e189a5d544eb3b35fdf206061270N.exe

C:\Users\Admin\AppData\Local\Temp\15b2e189a5d544eb3b35fdf206061270N.exe
"C:\Users\Admin\AppData\Local\Temp\15b2e189a5d544eb3b35fdf206061270N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
41KB

MD5
a1a54f5080e6b51dfd7f95e76c4f811f

SHA1
88e47871632ff30319acbd14e064d948d4d2b579

SHA256
bcbb322d8d81d0866ea07f4f8145cf708820202e83d9aab5d0505e5df8a78464

SHA512
0979e1c52d8a5d3db0cb92db5a29d54ae5498515b884361bd91176d12d7e3765d88d029b3e454463622f21a9f14d977fff3a49a9175c78fd70dd4dce4648445d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
0e84bcdd7a30f5b068d4386935da6e03

SHA1
f35d4e08914bf3ea837c81a9e81efe08a78c5c6c

SHA256
f029d12377296fbed07a7295adcdbcd44a9e5feb44596b8fa3edc921e159fdac

SHA512
7c34ca1ae502a7c84fb8d59ff7687793b9d28822c7249d1c2e613e4feacce992da59f0a7e87beab83a2d0d59be1a07ed55c0a3f34380b4098b192554ea2d28fd

Download Submit