5c8d0855bd327c48d02cedae2118b809e19134430f8a843588f70c7cfc6c06e2

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 11:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a59727ca9b620cae5cf9c876eb475670N.exe
Size

49KB
MD5

a59727ca9b620cae5cf9c876eb475670
SHA1

a8dbdc0b7f5f2cfaee098ba4f89a796b25030629
SHA256

5c8d0855bd327c48d02cedae2118b809e19134430f8a843588f70c7cfc6c06e2
SHA512

ce44b3a7190624e00b69113caed5153689fccc250335fa75f7939281d2abb35699e134a0e219488a5809c75a74997359954c36b23647570528bafb3caa357366
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nhSn:/7ZQpApmi6nhSn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3224) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\InstallApprove.DVR-MS.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	a59727ca9b620cae5cf9c876eb475670N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	a59727ca9b620cae5cf9c876eb475670N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a59727ca9b620cae5cf9c876eb475670N.exe

C:\Users\Admin\AppData\Local\Temp\a59727ca9b620cae5cf9c876eb475670N.exe
"C:\Users\Admin\AppData\Local\Temp\a59727ca9b620cae5cf9c876eb475670N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
50KB

MD5
3348fa8ec4801776e3f38934e79c3fa6

SHA1
95e41adb59c30377179b1c8d4a1b38caf94134a2

SHA256
1eb8bf4e8341e67781a23e556af3b97dedf42fcd0170789784f988cebcc4ea9a

SHA512
89cb40f8fd11888ad8473447f229e3bc75388d839e589185a5f41a029ac8a33540eb9fc3b78cad2b41b081bd014772133e4badffee35e54d1011c8ada4b092f0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
89820e288b192da9b879b9f8dd3d7ab0

SHA1
4705203bc26ce347f5d32667cbb69af7e548f6e4

SHA256
b79f196b3cacbffb8f2120d2cbfac3f000110c485d641f406c7c24dc225e79eb

SHA512
65280a9ec120a21fcb0bca83a121fbe559d6a4c29da8bbca0c2c291fe81cea6788bda488526923bd3030c0d998730fb23c3cd63a773ae0953fa1ac7765b82b89

Download Submit
memory/2536-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2536-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download