1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
Size

99KB
MD5

0724447830ba2fc33fefeda8c7710821
SHA1

8b86c7dc68b2e63daa917064ade85e419caea259
SHA256

1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4
SHA512

ddd2a289a4fc56d90cbb0e050339305868bacdaec05af9c5b719a29bd0a9655f771fed254f563ccd310f8ce5256b90b6faf9f95249ec96068e2e85b3070d4d34
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPFn5+:6rWpcOPxPke+e3fFpsJOfFpsJbgEy

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3457) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe

C:\Users\Admin\AppData\Local\Temp\1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe
"C:\Users\Admin\AppData\Local\Temp\1deb4ae9669a78ee5a4044e05a3ecff123b092976fb0fc8f728bd88be9c48dc4.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
100KB

MD5
e297bb7b33db3d045481833b65d6fad3

SHA1
124d1ad4c2252dd24adf9e9227ab50ca5311b91f

SHA256
83504871c0520879fd30c24cbd9ef2a4062714679c5437cc04a6053200f852dc

SHA512
ca6ce23fac9856c56dc402e279b49c96ca344d0804d9478aaa3e4833989e489e0804548dc07f20c0ab13ce6bff2c5fbe535a698c1f5aef0bbb7a5532c37fde9a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
eeaa7372705efdd5afcc7f3172671672

SHA1
63b3e04715136a98a84a2762d07e809affa153fd

SHA256
8f4f4465f320cb39e451fe352cde29ac33700ecfe5ad3732b22f651638c70b3d

SHA512
03a00ac7affd6f897224e203ec674af771d3fee3b0eedd1e6eb2a953f3eccfb0362bdb0652b722f79ba43876957c491f2f338318b200438510d883692e5864ce

Download Submit