d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 04:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
Size

74KB
MD5

97c176677e6ea91a2059d4649f25b4e6
SHA1

955c4669f3e6f0d9480e895b779bda8097824b2b
SHA256

d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6
SHA512

ede3c288c629a1525442dee2ae78e3f143be25e6b0505e13516a65a3056108d7d5e7c1b0d5842d3a46f9891f063fd2941d14e4e90bc14a5efb985dfedad53917
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJ5DlYpyxFIyxFP:9QWpze+eJfFpsJOfFpsJ5DlYMFfFP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3521) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\settings.css.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\UninstallExport.dib.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe

C:\Users\Admin\AppData\Local\Temp\d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe
"C:\Users\Admin\AppData\Local\Temp\d58c4da894cd25b8285ce39a23373619180fa689432cc08929d0275735aafba6.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
75KB

MD5
59ffb5bb409e826daaf681362c42fd75

SHA1
d661e6e4e3c106f1d97105e8b3c2ce3f35947baf

SHA256
216c5429cc0d9e3bda64c6f63fa9da516ed05db3ac570f8f4bd451636d487a85

SHA512
9fe01f56635c3adf2b6f04b0076e0aceca09b6ebf988b55ff534801e3c8d16f17fecce13216e2204801c2a268e0c8631b12adfbf9afdbbd80748e0b2ff0b79a8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
0a077c03b2ba1d634c89e66eca7ab40b

SHA1
c7a1fb666f0b984b2e85e771edceb88657d482fc

SHA256
2c389864c1de8e1af7ea463c45117d5cb112cac507ce796d985c3a089b16852c

SHA512
2f367ad19814d8a59c9ae520e7020ca4e3fe1192b5cdf9307ed839a7299e5a534de50863a244ff5326af38ba318bca20dc3cdd5a2e90d18d94fed2e98adcc42f

Download Submit
memory/2816-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2816-72-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download