19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35

Analysis

max time kernel
149s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/09/2024, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
Size

40KB
MD5

724955a39e02df04729a2e9f7f91a1ea
SHA1

94c0795ef03290aeb0e1d82c8ed2b71b9e724b8d
SHA256

19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35
SHA512

e4425bdd8841196e4f83282c757b687e4846e1bef75beffffb818638d87f204c0bd6baf9113d022491acdc9ab7893528ce7ae2771c42df2654a65b9e2adc35bd
SSDEEP

384:GBt7Br5xjLdbAAgA71FbhvU8g0U0fLMzyKbNzzyKbNWkq3DLXakq3DLXF:W7Blp+pARFbhBgnKLMWK9WKD2N2F

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3780) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\JPEGIM32.FLT.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Windows NT\TableTextService\fr-FR\TableTextService.dll.mui.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe

C:\Users\Admin\AppData\Local\Temp\19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe
"C:\Users\Admin\AppData\Local\Temp\19c47deb1d0cfbc7ad3ad231dedc5fdc0970a46cf87ec6af8180e0c7b0484c35.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
40KB

MD5
311aea3afcc5ec6d8e84a795c27dbf41

SHA1
dd5e11d25cf3c4c5f39df5dc649684b7aadcd55a

SHA256
fc4adebffa372c8923cd96996d18af75ed632870e5d69f10f914fe33d7876c41

SHA512
66d0d1d66410c4ee074ef2278125b0e001317e245836e3c6e44d7ea91b7c64dd5beab367d6be437a3389f3a4ed17e8b41a4df48fba40fbf46848a67ecb8768d9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
4540f142516b08da4f7fc9d5653e8d3e

SHA1
58e1964a32b0ec68d15035174845394ecef8cadb

SHA256
6de0aef85ec263b1131156136d02040e1779d4ada18535d5126ac2b5ae963f21

SHA512
700a8a6e2e675e93fccf42342de21aba06425436c7af490fd59a50ec4473c9ffb20f013ad22737f7e824f7a2a877de3270d2ffb9694b80a269e9c545d8aa19bb

Download Submit