273934eb6aab75d6e13a9076c04d683aa3482c0dd650bb7d080411e13ee92836

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
Size

42KB
MD5

8ba8097929fc016fbfc8bcd2be5dcbf0
SHA1

67376ede7b73eb81aa0608bc13b7b73a4c40810f
SHA256

273934eb6aab75d6e13a9076c04d683aa3482c0dd650bb7d080411e13ee92836
SHA512

1a1ab18ec3463f8384c6ee7d03abefe277b5237a457e495d96ace11de47719775c56518e731f3890ead8c8828ebc3637417507e87664a5d393e8165747048af6
SSDEEP

384:yBs7Br5xjL8AgA71Fbhva4S04SXvE/1Mz/1Mq:/7BlpQpARFbhS101Xvz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba8097929fc016fbfc8bcd2be5dcbf0N.exe

C:\Users\Admin\AppData\Local\Temp\8ba8097929fc016fbfc8bcd2be5dcbf0N.exe
"C:\Users\Admin\AppData\Local\Temp\8ba8097929fc016fbfc8bcd2be5dcbf0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
42KB

MD5
cb9ba9a968052a8e6d41bbfdceb0149f

SHA1
f7570a8f2b3ffe9f4b0ee955907410aa08e7e014

SHA256
991add5988b55edb4813d433ef18d996258e9736bab5a6673e855daa3d14ea60

SHA512
3d759e2dbd3e6102c66c6f457ff05aec413992ee7e6295a8a1159f2f9870c794090175dedd8eeef3bc637324d318566460571ce6131529293fe1cf4c2f333453

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
f47b984881458f3ff006ba664f9de050

SHA1
15b59b1a34dbc3dd66c4a3d17b6cde9a03efc92c

SHA256
669721372ff113be92fb862417c3a9bd7274d596b50afb0b505e7c3760b91e33

SHA512
d5e0a951c7c27bfbfc1452bfebdad1f8db94c4512805c71537ea4566fcb78e683be2214dd04a7c3a7376d79f95cc551bf12d543d72c2dcbf5540bc94a929dbea

Download Submit
memory/2384-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2384-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download