fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
Size

89KB
MD5

73345d9de649be7966456b13dbb04890
SHA1

e2d9709a614166c0d0eb40407ac2ee3f93dc8daa
SHA256

fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743b
SHA512

aa083a3cfac6d4c4f7aa2b0ce9f209773b7fdeb7fe9d3dfcae99d33bd4e8ca0436a75a24189d795cc12be8e8f7188f3d1c4fc613154cb642335ac4b338c507bc
SSDEEP

1536:W7ZhA7dABJJ7TTQoQJTW7JJ7TTQoQ03NIw3NIp:6e76BoRyoR1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3011) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe

C:\Users\Admin\AppData\Local\Temp\fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe
"C:\Users\Admin\AppData\Local\Temp\fe13118931a2da218125d115e0fd1427a54d1aaf3b62340825ae56f6300e743bN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
90KB

MD5
c8482adb1ab4cac5fd99444330eb162a

SHA1
2de7ee1a9b39ba9574804ff2f2fbb593e31142ba

SHA256
bf979b82db1e945bc3c35cf1936ae62f84bcb0484e636cc346a8c89d8c059c6a

SHA512
21d8e9f6ba7b8b83e4e82ad6011d4740a0298cb93996faa8500b55cff645b36cd9edd90107c5a57eb0231a2f8bc395af0091832d1c6145bebc35b28ea760631f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
d4e4755faaf2b5c554556c32c042ff9b

SHA1
54b1a6abaa0be834520d391c4dfb2ed0f5176f2b

SHA256
f2b658733cc4e974d2743eb21ab13ca4f1e17034f78abf1e0377e7a1cee1d960

SHA512
3cbff03b483dbc5019bda1ecc77d8f09e745c7c1e3a5a0a16d3ef27d8875fb6b7a64fa54071f1a69b076f66ffc8f0f8a8ebe202e0c936fdb5c6f25d747e33c3f

Download Submit