b3df799ce9ea3816db64ae2eb37d47ed15be841b0ac23d8331d1cd3d11f14a36

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 06:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

23a5a98a711029bd11c99dcc8c308870N.exe
Size

94KB
MD5

23a5a98a711029bd11c99dcc8c308870
SHA1

09c72bcdb32ada2b8a8169a99c6acc85cbad9810
SHA256

b3df799ce9ea3816db64ae2eb37d47ed15be841b0ac23d8331d1cd3d11f14a36
SHA512

6942486a24b674ee846f5104a76df885b6555bcff97f96f4f9a90207cf4f27e32f9bc331caaf4b015d865fef458a3021575998afaa7ceb182b6068fa8d2e4a63
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh+:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2954) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	23a5a98a711029bd11c99dcc8c308870N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	23a5a98a711029bd11c99dcc8c308870N.exe

C:\Users\Admin\AppData\Local\Temp\23a5a98a711029bd11c99dcc8c308870N.exe
"C:\Users\Admin\AppData\Local\Temp\23a5a98a711029bd11c99dcc8c308870N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
94KB

MD5
4383890003ed2c9c32143f00c4ad0926

SHA1
230c6aed96e8254648f0b97df339675f14ebf9f2

SHA256
1593f3140e077bb7dff1e4e5313361996a8a0005f382e1dc8bac7f111d9c50ca

SHA512
db5961aacdbf81ee10514cd70b9f8652ee0b6532a60e37617aeede358a0680262fdb0f6b09775c24225458b9c095737daa464a92d31942a8b320156551b4aa6a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
382038e67acac2f48a6135997f22535f

SHA1
0c455322f5c4c480c807d8a30bf74928c11b69e5

SHA256
27873a7b77c29ae7744776aa3e05816bcb2cd47981313ff428f1a5a4c3144bc0

SHA512
fa8cbdd98a46a85d4746be99a0c7767e5cf614f62738dc3461bc9ce611a6b219de70ebbc996ba1bd09992e85515ed3a5a9fe6d583dbfa0f88d2974ebfe166421

Download Submit