96b9001310418aee85bee7785bd4cd2839428dc1dfd8ec1028e80efe9e44ccd0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 03:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

349d0d9aea3c80085a0c0bec12a92de0N.exe
Size

81KB
MD5

349d0d9aea3c80085a0c0bec12a92de0
SHA1

4397b48db70056d778375713e30843cbb2a0f2c9
SHA256

96b9001310418aee85bee7785bd4cd2839428dc1dfd8ec1028e80efe9e44ccd0
SHA512

6b88233ad61fd3b9bc2c04c51a583e831cb5bef7d940276165e9af59eed304812fcfc83f5c516a43d06cd376d55aae3ae626a05de9adac4883d2ae707fb853b6
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8zx0Cq/8S/8dYG:6e76mQSop8i8L

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2948) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	349d0d9aea3c80085a0c0bec12a92de0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	349d0d9aea3c80085a0c0bec12a92de0N.exe

C:\Users\Admin\AppData\Local\Temp\349d0d9aea3c80085a0c0bec12a92de0N.exe
"C:\Users\Admin\AppData\Local\Temp\349d0d9aea3c80085a0c0bec12a92de0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
81KB

MD5
3cf394c617829c1f3abadd7591831eef

SHA1
50fad23037cc2c4484355c6e50b466d9eadb506e

SHA256
8fd539bccd1ce502df2dc036a87b9d420efbfead89c36536303a7b72cc5c314f

SHA512
cd4ef9c1de63c7753e56c002f95df1d3b2e9a05f9dd7d35ef388c50be95afa9237f118dc0139fd0a961db99448742540112aa525c5db8f12bae3be4a379d6b46

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
2179ce901725962795db5435306410f9

SHA1
9a8cd99ce2cb89e5aeaf06bd897b03f50580521c

SHA256
d6a07acfee4ea2e6c3095b3327364da801c24905161a9f69903f4691953be7ca

SHA512
3b4c2e89caf2a6d0b5a22ccde26a0031995a75e96b4d8106ff9433bbd3a03cf4d6764baf616516568c385a112282b008d24e8ca64422c5c1bb54b6c951354ad9

Download Submit