83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
Size

52KB
MD5

bc044552f28748d6bd0051a62b1a68ce
SHA1

1d42fd404e4c321f744adb068214af332ad229f8
SHA256

83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c
SHA512

189bdaa616725a3def4ec32519d5086943d85234fe2ac0346301170db454faab88de84dcc741e628e9fd00ff9fe9afb1fb4824f971f169f86039f0f9ddc5d432
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQFrs0AqAJwO1AqAJwOfF2JouP2JouQw5A5+w1tB:W7BlpppARFbhHFoqAJwBqAJwRJofJoTB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3751) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe

C:\Users\Admin\AppData\Local\Temp\83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe
"C:\Users\Admin\AppData\Local\Temp\83a0eeec22ca9bf08a6fbee7292a4a564e227be83a479269b7609d564f12e23c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
52KB

MD5
03fe52674d56e4c96936d4065a98559d

SHA1
45da8200c79c2ad5dd6a8c590981ace656789318

SHA256
101522964850fa94ef8db9effe1c87c978ffd103d1644addae6b91ea0afdc164

SHA512
5b510dca2886e739528545d57aa85a55fac9d5abf0ae0b513953bd15a2b829b1f526a17cf42f7867858b12c2ab159973129facf204c5d7ce4c0ceafccdc71215

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
2e197ad6396803a0943f3fcd3186bfa7

SHA1
89eafa924e3ab07db2eec4b1ee32a82462788044

SHA256
a9c8aad993d4e90e1bed359f58fe180bfbad97d60a0de5bcce29e70a4ccf2179

SHA512
1bd97780fd4b9194ea61a7450c270d866f4b60bb62fb4a52381db5fbec2c136bac0ac55765747cdad970038b10d55423fc65496e476abd27922be7b29bc92c0e

Download Submit