1768d7052001d46cc9d36a048fd606511bae61bf5cc534faaea71864310e35d6

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93ce69d63e3b23da1eed057fd75e91f0N.exe
Size

52KB
MD5

93ce69d63e3b23da1eed057fd75e91f0
SHA1

beead8f10a2f3104ed9cdbd2e188c4ed1df5634e
SHA256

1768d7052001d46cc9d36a048fd606511bae61bf5cc534faaea71864310e35d6
SHA512

6d3c6ae1fe4f44c63c14a72878806f30869be28fa993ddc46fa98dd2bcef9fb4f6828b6810f460b8ae01384d32644e7b45a64aa3aa2f876448f59ac1438b00db
SSDEEP

768:W7BlphA7pARFbhM0KW2s9B4b09Xgd7jylZqzps:W7ZhA7pApMaxB4b0CYV

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	93ce69d63e3b23da1eed057fd75e91f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	93ce69d63e3b23da1eed057fd75e91f0N.exe

C:\Users\Admin\AppData\Local\Temp\93ce69d63e3b23da1eed057fd75e91f0N.exe
"C:\Users\Admin\AppData\Local\Temp\93ce69d63e3b23da1eed057fd75e91f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
52KB

MD5
21d17f60c2a513001032df1a32109348

SHA1
d4ca5f55692d47285874a865ee029d77655feb88

SHA256
244edb53dca01b7abc80dd59dff81f20336dca61b9bdea1c48b870d7e38d00f5

SHA512
a0bc0e97d850b96466a29f24f165bf690cbbcac8de359f0c0c2b5a1d2160ef5889099fbf66fd24fefbfede89d46e5d0da463c499054adc3c18f16ccf816c239a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
e0d52c70d63aa20cd9b0d9bfc09a7b94

SHA1
87f6418177384230a3cd33cad1e2d618d82f1b60

SHA256
2187f8cc27c38854bf68a1b6c88a4d53c59b470d45cc0ea8fdeec5e60633c20d

SHA512
1cda30c69e55b6c04bb4cdce08a2d67b74327d4c835498902a53ff40c9f913b75e31113c8865a164caf6242fb6a19d27ab57387f42cd782f534a504e34b742f3

Download Submit