4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28d

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
Size

44KB
MD5

e97670b8d1bdfec0fb04bdbd4eb0da50
SHA1

629e56d4fef0864ac415e21645129cdc0fd2c950
SHA256

4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28d
SHA512

2a5b3577562d1647eb237dda9848716070ae74124eae2faf0a25b7f863c994093ad6b3ece9a96e343c96bf4cc34cbfb7e797d35f51240574a24614f5a524c339
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLNdyGdyhe2eB:W7ZppApBULcfpHLcfpyDUdyGdys

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3230) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\MoveJoin.xlsb.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe

C:\Users\Admin\AppData\Local\Temp\4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe
"C:\Users\Admin\AppData\Local\Temp\4c13acb3ec0b5f52eeb1781b442a56b3f555301ffea77414cc76f68ecdbad28dN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
45KB

MD5
084d5727ed662c0f6fe69306f8bdcd59

SHA1
cdd3e6bbf9f418ccfb8a1a7f2171e93ed77c6eb6

SHA256
b59a00bcec129403574fb617b75fdb7d95bc7a2b836cda9fa1ae38673e099fdd

SHA512
b5813a1ec5d206a5d0cf5b2222946fac0e3866a81f7ec1b291280e87c942c4df9f36a60bcced47bc010dde9e6a9981dbb4693cbdc5eccb01338edeaebc5dc9d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
c7169d4b34af5e4bc2cf8df7b9d94e97

SHA1
9df83677e88dc42b845cd63eb8217bce7345ec23

SHA256
dfbfa7f4a3fc320af48b6a4eb99f1adbc761a4e720757b2e037880a910257627

SHA512
e2f243d45234cba269ed2356dc3e51454269d216fd8678f565533db04d0aa3359cb19a236db63816ea1c711921a2ddbd46c93b9b1a806647a0826ae365c5b25f

Download Submit