649de38e2a3cb2f50b478d8c91e2d609f3e736258b648ac5a4b5d319c994ff1f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8e3b970b8dfa0a0a3a210059052e2b0N.exe
Size

62KB
MD5

a8e3b970b8dfa0a0a3a210059052e2b0
SHA1

70fb42ed9451be8d155799349aa02edb794e2d1c
SHA256

649de38e2a3cb2f50b478d8c91e2d609f3e736258b648ac5a4b5d319c994ff1f
SHA512

8c4159ff99ec5516153fcfa896f9720a13da3c1896ea44b3a052dcf9f9bd2f6abfd92a4182ce41637d97792216cc2125a4c1a31a22c8c9aa69b514aaf078ff22
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLMdrBdr1Kf:W7ZppApBULcfpHLcfpyDlKf

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3255) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\SetImport.rmi.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	a8e3b970b8dfa0a0a3a210059052e2b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8e3b970b8dfa0a0a3a210059052e2b0N.exe

C:\Users\Admin\AppData\Local\Temp\a8e3b970b8dfa0a0a3a210059052e2b0N.exe
"C:\Users\Admin\AppData\Local\Temp\a8e3b970b8dfa0a0a3a210059052e2b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
62KB

MD5
2253de21029416aa82f3032fe9eb21b2

SHA1
9e665a2ee847dd73db38e5f9b1d6c3da88191060

SHA256
38718ee9c1d01db3639d03bef7ed4db06837dcda35d913b20d4762a903a92ae4

SHA512
8e399b0a81d794c022e4b806eee1de6bae727a60ad4c1f942b409b0986985c548cc52874dee550b42c59c9fc2d5f4e9108a55f7af20c11a64354854664205b40

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
1563f1352d6ea775760684e85d0503aa

SHA1
4f76c78ed2175a9a6553a7becb4151f212d52ff3

SHA256
a039e8ec6198da46e379f873d0b4d083f567dafe80e141e093bb159f6a938d28

SHA512
158b16cc2a37d9a828cb9e941dcd5d697ad12b434e79ce6bb73f0e851f65808b591dc510ab1533f38d6aaf0b5ff737f4ce82c52b8cceab9570ea72690ca9e457

Download Submit