fd71bbd2ef3e491a0712c1a2b2a867b1d2459911eb72a0ecfbd70659d1cf34b9

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a57918edf04be84b3d27782cd513380N.exe
Size

69KB
MD5

8a57918edf04be84b3d27782cd513380
SHA1

4cee33a582b25ec6d65b2a1f6f15fcc0f3c75100
SHA256

fd71bbd2ef3e491a0712c1a2b2a867b1d2459911eb72a0ecfbd70659d1cf34b9
SHA512

f5b2e021d4c4f099bf674691928ca6f7a9cac59fbaea78c985aa9893250201ae41167fc61cc9132973c0dee8d06b4436f361d27948e294c56b09bf99a2ca7cd8
SSDEEP

1536:W7ZppApwEwnmJARJAaXxXNJdkCKPuJdkCKPKWZ:6pWpUnDXxX6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	8a57918edf04be84b3d27782cd513380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	8a57918edf04be84b3d27782cd513380N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8a57918edf04be84b3d27782cd513380N.exe

C:\Users\Admin\AppData\Local\Temp\8a57918edf04be84b3d27782cd513380N.exe
"C:\Users\Admin\AppData\Local\Temp\8a57918edf04be84b3d27782cd513380N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
69KB

MD5
d75aaea6ce85c2bec174040779aceabb

SHA1
ec8553322eecf89b964dfbb1c1a14030e001449f

SHA256
3f92babaf2633837c38d0751950b35e9f07f4009fd978f58f1c533c994d9d909

SHA512
bfa6d514c3baa1f13f103e5a8f33a4ac8f5cb7581c52d8205b56181702755ad075019ecd953c891b114618918dfa2e2ebffc6cf0d94c7e547f4fe8781cf190a7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
a7f2a8045a8a841db05d38e1d84ad5e3

SHA1
cebb0e1e7c308e1b6baf6cf77705b26081337fab

SHA256
5773faf851f36fce35f9e4f076fd097f8a35137255b5ae1adc4b5f4ef3ba37bc

SHA512
52ada0f1cf01db501bff25c1ac5463ad7e344fa556adaea7502aa14da85398a26cd78e5e9d97cdd67306bc3e23b4101ce363a82d95595c628b92eae6d30529a2

Download Submit