d3c0f62e0ffabc7a235752706174434bc508613782350a3897ffa7c9b2f30a58

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

819e9e4e81350b5b132e5c9b1cfa0a30N.exe
Size

42KB
MD5

819e9e4e81350b5b132e5c9b1cfa0a30
SHA1

1dbf602e4b14f2f1ca776c83713ec2fa2bed6ac7
SHA256

d3c0f62e0ffabc7a235752706174434bc508613782350a3897ffa7c9b2f30a58
SHA512

4b102db922f727933874379c1d59a00586bd328a9622c618870c2f875511e726e413bdcbec3eda9e3f46362a8161e55489ed89119ef86ddd3f47d334834c92c3
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpAfxRfxuKVKgKVKJ:W7ZppApBULcfpHLcfpAfxRfxuw1wa

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3409) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	819e9e4e81350b5b132e5c9b1cfa0a30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	819e9e4e81350b5b132e5c9b1cfa0a30N.exe

C:\Users\Admin\AppData\Local\Temp\819e9e4e81350b5b132e5c9b1cfa0a30N.exe
"C:\Users\Admin\AppData\Local\Temp\819e9e4e81350b5b132e5c9b1cfa0a30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
42KB

MD5
e9f195835e7186125aa3f1e2bf4a4b89

SHA1
ffc25501184b6cd150ae1a9648857c53f40f90c1

SHA256
68bcacafff532c6af29c7fc80a1bfd780c58084f881f2f0cb665cb31c072c166

SHA512
f769b462419086a4987fcda8563a3146f4b29caa533af5c5801e2a8172ce1ab9c70f4e27d53ffb1c3dcffabd6d70358a81033497b6159b44c5deb3a4f0027276

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
cfaa15091d74d8783d2167e10029b8ec

SHA1
25f6c207ae63d0d277a4ae18eafd5042da0e56d9

SHA256
c76fb15caa66c626260eb416e9efef5575b5fda2efe6acdf662bf733001d4d58

SHA512
32a85c93a77ef3e0fa1c6a3725a7a351f5729a0567be4479f5c3be55e5f6845f00584a92b51606e697413230f752aa4e79c67060bb373659fef97b43e56f3525

Download Submit