94cb4ecfbac97d6650b3550e3500548bfe9c16b6639bb87a05f729db41db7502

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c0d709b713d4d430610187c72c950a0N.exe
Size

44KB
MD5

4c0d709b713d4d430610187c72c950a0
SHA1

7c6f8ed93de08781d0483432125108397426ae5f
SHA256

94cb4ecfbac97d6650b3550e3500548bfe9c16b6639bb87a05f729db41db7502
SHA512

fbe81715e764fc3f409829e3fbba2d5cf13569505e7559018e91b13d42214f3b757080ebc56ac430c8f623de992e93d49dd51aa24c41ee0d701b23c2a4edf5f4
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1ngig/:W7ZppApBULcfpHLcfpSo3f2x/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3423) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\OutCompress.odp.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	4c0d709b713d4d430610187c72c950a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c0d709b713d4d430610187c72c950a0N.exe

C:\Users\Admin\AppData\Local\Temp\4c0d709b713d4d430610187c72c950a0N.exe
"C:\Users\Admin\AppData\Local\Temp\4c0d709b713d4d430610187c72c950a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
44KB

MD5
96ff036a231cb8988d120c28d721a04f

SHA1
ae6fa7009bd433f180661c32591cb1dd6962e08f

SHA256
692624713ee3f74981ec8e3b8ab2643063c0697fdb10069e61415bf02db7687f

SHA512
4027a0fb38148f12f57cc1c92c4b783a6bad159a22e1ada122067dc6ea6f5e03d5dfa2c573c7fa12346c3236d344d348eed58451004cabf5afa9f772b4fff803

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
b953ac29d273b8a82e1f44e55816e33a

SHA1
42da2e3d322c46d84fda99361852462f2b623ce6

SHA256
8d0f36bde86cb7def71fd5c4882c4cdb4fd34e3604a1672fc7292c17c29083cd

SHA512
2398f0e4d10265806e3af2307fa8248d6c1d4c2bde10bc5bf5eb75bfd95b3d4cb77ca6ec5a69bb16e0757480e70d83ce10661639d5917265d99e95b57a21099a

Download Submit