277dbd928dac7f085e2d9edd8de1ac164f0576159733b922e28f73cd385234f1

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 02:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c427756c773cccf28639dcd14bc66e0N.exe
Size

65KB
MD5

4c427756c773cccf28639dcd14bc66e0
SHA1

587cf9ed08ca2c0cb7b5eea7db073dfce028f970
SHA256

277dbd928dac7f085e2d9edd8de1ac164f0576159733b922e28f73cd385234f1
SHA512

19b42b3504874761caaf0e9db9d02573119e5d8a448766ac8138786f3e473545b61482da2a37147a2d2946d94cfce575fb387d112e242aa3685326b765b4a6c0
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/8O0O3:W7ZppApBULcfpHLcfpX2/Nw/Nwmxo

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3164) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\ExitCopy.mht.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	4c427756c773cccf28639dcd14bc66e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	4c427756c773cccf28639dcd14bc66e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c427756c773cccf28639dcd14bc66e0N.exe

C:\Users\Admin\AppData\Local\Temp\4c427756c773cccf28639dcd14bc66e0N.exe
"C:\Users\Admin\AppData\Local\Temp\4c427756c773cccf28639dcd14bc66e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
66KB

MD5
0894f6ffa4e6b90419c3e85463e78d50

SHA1
083b2c6b9e23677ca855f67bbd187cb088886b3b

SHA256
b525b4305dbd538fab531f4d8343b1bacfd2db20cf298d92730e22aeedc371f4

SHA512
cc286014fd2fbb7b52efccd3b6be29c7ce7f3fafec0e9782767397b3c3febd919009f4ae82864c9982994412daa455e8743114561a415eeffd5b00539718806a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
998700544920e921377dbdefa53b11c7

SHA1
1f64ecbe1bdb10642671745a677f2b5f8ab8ef7d

SHA256
5c51d2cb505b1ebb9bd30d01b30d0ba22ab1ae43403a34d0a663381e6d0c1b36

SHA512
f718c4e1da2530fd7bfd63cbc94816282aeb6c3cc2c4f477dbe94ef7973781907691b3a3f782cfeb4625dbbd098f1c032ce65b25bba66e38f5cd35c91cc2454a

Download Submit