72b1e98a82effa78630c336bf5274da9e2195d66bb14e426e05fb370391be6f0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22cd910f0324e782c72406de2502bb40N.exe
Size

40KB
MD5

22cd910f0324e782c72406de2502bb40
SHA1

57332faa9429056f6f94c78194f8d48766f38cd5
SHA256

72b1e98a82effa78630c336bf5274da9e2195d66bb14e426e05fb370391be6f0
SHA512

280e41450c4413f8e70a991dca3e1495bf06e96be9f97d84a66ca4b925c39f5e45ca20b2a7f447cbc6a033d60394ead724b6c3bf5277f387c7a8671f56505974
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltf+c:W7ZhA7pApM21LOA1LOl6AX

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2922) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	22cd910f0324e782c72406de2502bb40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	22cd910f0324e782c72406de2502bb40N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22cd910f0324e782c72406de2502bb40N.exe

C:\Users\Admin\AppData\Local\Temp\22cd910f0324e782c72406de2502bb40N.exe
"C:\Users\Admin\AppData\Local\Temp\22cd910f0324e782c72406de2502bb40N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
40KB

MD5
af528123614376eb3bb7c3c2494f904c

SHA1
490267cb68b6ccc059ce1cba375a3b2c822ce8bc

SHA256
08b75232064214cd9429b2ddcb1fc000509561110134258fda9a445f61f2045d

SHA512
728c8e0d05dee1acaf5ad7b013ebcdf8ded0ad2a578df60dbb965bce43def291f6bac8a4d1cd9c71d286e50f1fe10711649e9dcdc7a730fee8f4831f22e7b95f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
2a8c22009fab74b9566d5e46e0d06cc9

SHA1
a3aac26d89155e9cd46a2734e704a46723e428dc

SHA256
00d869fb26f4a2b9c541c5abc0ae29943f2163d1c72bd0f20d64e68dba17824d

SHA512
2df447f5dc195163863eaebaeb656ce79f631e802abcae8bc62a5a402d0f0602d2c9897fb5d5ee8644f0bb1b6d573274058b20d75d27a9091a1e097e38aebd56

Download Submit