d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595c

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
Size

98KB
MD5

5e08bc039f6052a6a7ab194dbe3ee5b0
SHA1

8ec87987d4f4f5beb12e31be2f4739ff5c4e9435
SHA256

d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595c
SHA512

afe6949f707b4a657895abc05998dca7d02abbe08ff31415442fc7637888dee99e0f887deb8c26b1035844a11c9a9449905a3420791d72863ce3f08eb5da329f
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9ileq9:RqlIyFESWu0SWu86jYleq9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3152) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe

C:\Users\Admin\AppData\Local\Temp\d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe
"C:\Users\Admin\AppData\Local\Temp\d4b0db9c340c3b0dc5a8875cbe03f2d5e9bb32d7e2524faa7f2ff61677f5595cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
98KB

MD5
a692d4bf3573e3fa09ceed67f56cc203

SHA1
b39594154df2942c886679f3ab306e9b52b4561a

SHA256
2a442f45627579195951ed2805471cdb41f453af5470ea1d5021de04bc316404

SHA512
4c2704727cf61a60c7569e4767f51f47e5ca6a4914b678cbecc66a33b5aad82675854680011c687155ac9e84827af1fccd02e18bb17ed6ed826b847a88cb5157

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
aa72ae6f87b250fd64ae81b9ee378f9b

SHA1
3420d8ce3d2584108d380f8243d6a5ccc6a3e148

SHA256
ab2045aa0558927257a5669a298cbbba19c99c008d611f95b0bb41d0046b24fb

SHA512
3b92271b5391976f5364c08281f52a87f4181cffe9134eaa249dd2704709870f3e7743a2046ea583c78b28393f20416ed68dccdbb3b4c0796431803b7a5db25c

Download Submit