aedbc9cf49765c6a202179e635d8df19ca4a2f7937550efbc5c041836b19c9b2

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ac314903c9cb2973f2f458075722610N.exe
Size

51KB
MD5

1ac314903c9cb2973f2f458075722610
SHA1

8d0345994637d1d38948815197054d61b504750c
SHA256

aedbc9cf49765c6a202179e635d8df19ca4a2f7937550efbc5c041836b19c9b2
SHA512

bca3d27988bd8ca1a6a563537d08966d9a3743793ee259210ebe3b40f70c02e8a98cf13a89b529c9b153d6de62e369d0d603d75ace763d89ad56e99d23b95656
SSDEEP

768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeD:W7ZhA7dAIJtvXtvc

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3315) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\UndoInstall.vst.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	1ac314903c9cb2973f2f458075722610N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	1ac314903c9cb2973f2f458075722610N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ac314903c9cb2973f2f458075722610N.exe

C:\Users\Admin\AppData\Local\Temp\1ac314903c9cb2973f2f458075722610N.exe
"C:\Users\Admin\AppData\Local\Temp\1ac314903c9cb2973f2f458075722610N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
51KB

MD5
77b984a3d9c5fb8e3d787bb3ab63bb6f

SHA1
f226e91b70c39097261b09de1065918f5ca3e655

SHA256
b80791a48ac4e946c5fe2f26849ff7cdfa8d2d6d85a7e401da9bdcca05a49193

SHA512
fa9f2179b50689d0f6c66c045e840d940076145556b33a1e5bd7c1b934cd114fda31b16061b03c1c1fbbe07e3db76c3425a6348dc46983838b70ef6c9c271148

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
2a4f1e68ab1574cbe42021c8b743ae0a

SHA1
f93d25217359b4449fee553b0caa0ad3e60bc38a

SHA256
bf75b13d2ebe22c2dd00679319cdeb360aef52673ff2f33bab8aa5cdb9e00854

SHA512
caa8a40038c1cc2d4b3335cd801ea5118bb5018b512fd896b41372d299acaa0853391009119b44064ee284bd8755aa7e8e5623467fe631282431c5e2927debde

Download Submit