7e1da40bf175feeb8deef26eae831f7901b05056971760dd0e0963931532d2bd

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

868329fcc31d14c139e0b8b9b2eb5260N.exe
Size

37KB
MD5

868329fcc31d14c139e0b8b9b2eb5260
SHA1

ec6e6c7ad93d67a3b10830b7747aa1d9ac021787
SHA256

7e1da40bf175feeb8deef26eae831f7901b05056971760dd0e0963931532d2bd
SHA512

7beee83ef39e749aff0672d979d50606770d8ca1d92d648a2ed210affa50c80770a416ca3dbb00e2e764a66a5b78a784b127c871d3ec5a2d3ec4d28763ae12fa
SSDEEP

384:GBt7Br5xjLfAgA71FbhvtPci1lnYOzlnYO5+vu+vlP9PD:W7BlpDpARFbhzbYONYOkt9P9PD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	868329fcc31d14c139e0b8b9b2eb5260N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	868329fcc31d14c139e0b8b9b2eb5260N.exe

C:\Users\Admin\AppData\Local\Temp\868329fcc31d14c139e0b8b9b2eb5260N.exe
"C:\Users\Admin\AppData\Local\Temp\868329fcc31d14c139e0b8b9b2eb5260N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
37KB

MD5
ac9564df6dc87b416f78add3673ad27d

SHA1
42c6301b34a1aea324f82c0d5aa256d3bea30f1b

SHA256
eed1f6d763de3468c42499e1376e8200aaac5dc2762befcf065cec7648c5ade2

SHA512
9981f589e7faaca9c65d81a7d65e42e328b77b291fe4beb0d7bb8700f600995b8f6b620372ad8b72ec5920f008380241c863492868fe714700a1d00fa162feb5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
522349a91308eebe84585efed49eb97a

SHA1
cc1b0f073bbd8b36cea09a9c16b23ebdcffd4a79

SHA256
d84f9aa2651743357e7b47a38257219e72b9bf6dde6f7b7a66be739006822a60

SHA512
fd332335db8402d295d2b28cb35f33db634bf825446183950e479fccffd7c07512ebef7d5965aa09bc6ca301090a253327ca39826604eda639b09f995dcb1c8c

Download Submit