2526a201b0e20d1427d6ab1dcd07258c58d1b7b4c7df0a8d70fedae86cffd809

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73e5a8e89dff18775410eb2e16014b50N.exe
Size

45KB
MD5

73e5a8e89dff18775410eb2e16014b50
SHA1

428c371ed756bab109148ad37e318755db0da6a5
SHA256

2526a201b0e20d1427d6ab1dcd07258c58d1b7b4c7df0a8d70fedae86cffd809
SHA512

26b0438d1f5a8e904ff3bd3bcca800fc63f6fe6ff1e2611621caee2d5b7cb23b3c2f9fed7b1650e00638135354e0d84a750ee7b4c92e25b70a79092de420cee2
SSDEEP

384:GBt7Br5xjL7lAgA71Fbhvt3e4S04SdHIl3DG71ul3DG7r+r+A:W7Blp9pARFbhs101OlkYlkr+r+A

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3351) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	73e5a8e89dff18775410eb2e16014b50N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	73e5a8e89dff18775410eb2e16014b50N.exe

C:\Users\Admin\AppData\Local\Temp\73e5a8e89dff18775410eb2e16014b50N.exe
"C:\Users\Admin\AppData\Local\Temp\73e5a8e89dff18775410eb2e16014b50N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
45KB

MD5
7f2ea3287cccd8a4302df7d9cac01279

SHA1
bed2f896dc982cf5d61692e1eec2c5ab5999d52b

SHA256
a78a6e1ee707fab36aa3d5e1c306e8788beaef90776923ccf419c895a1e18fad

SHA512
20717aad5fb56a44f2d77e5c71d64fd3c6d3b315bea66378ea37df5b24af2f282325d6a7bb2139027c8b2cfc620bb772a74486dac53188e2d144c9b3f2f35b10

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
26bf356d4b7a6b736df41cc9671ffc5b

SHA1
6c7bc7ff4314b285021f294cd4ba852602db83d6

SHA256
b3ae16d84d3416041c17babe1409850eb533296f67fc00f48cba748b807d447a

SHA512
4955310598337e15790caf278f765fdff611be4266a56355844c0eefaf0f675c4964ad27e28d0ba45c1e9810a82af873e3eba53fe1da41e67c8be7c9f56d0a64

Download Submit