1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
Size

74KB
MD5

9c2c4b45a9b4c4e06c53c314faf715cd
SHA1

2c1350442c107c52d078587f46d88cc3606502ca
SHA256

1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27
SHA512

4d21d7ea1a5122ab54f38e078e3af3b229e19a051c60ad6c927fc031c1fec756b8d7fa42ead2548b31be8769ba8eb7842382f9199e3bca1b8253a17d012ccbd6
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8+CtlYSDL:6e76mQSostXDL

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3481) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Mail\ja-JP\WinMail.exe.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe

C:\Users\Admin\AppData\Local\Temp\1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
"C:\Users\Admin\AppData\Local\Temp\1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
74KB

MD5
56c7f06f3ca7dc51e043b11bd87f7872

SHA1
a4532e26eb4d4dbe9be34b24aeaebd9e5609c4c1

SHA256
5c9a0771603bd5d0a78674d1324801bc04b83088012a16028d0443edeb197734

SHA512
06abbeb3de696c727eb7f95bb0bea259f2a0ce89ed7f72d9308a9d4a0bc10f7584af8c4341105bf3a83d88aedd74473b11cd4be54c158b29693d663da4f343c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
295581ce7105463b0d5bf2d05339a482

SHA1
56605b1ecf7cca617760bee591527c3da6c90a95

SHA256
441c2c5654d40338b9c0f98ad74ae713c24a05d798573e313282f3141b87f2ec

SHA512
6865878083aed50e0189546f7d342822fdfe8c7fff2d6a8388162fb0216f3eb5023761bf85e9042db9a26abeced373c8a235d739dd7accd115e250a7e6869578

Download Submit