986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530d

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
Size

45KB
MD5

2dbe0774384f9a07b84078e48b7d14f0
SHA1

a075c7070597525424fe2fc6a5d86398e23c706e
SHA256

986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530d
SHA512

5b4f20608c4346bb070270429902c38f0d2013ddb6f2779b4d313ffb436d8a72ed019a6cbad4fe036b86081d936fe271ecb64d9c4d6751c210e93be5c5df70d3
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1ngig0:W7ZppApBULcfpHLcfpSo3f2x0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3751) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\settings.css.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\flyout.css.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe

C:\Users\Admin\AppData\Local\Temp\986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe
"C:\Users\Admin\AppData\Local\Temp\986f3e66f381adc302cf8a152f1f93e22dd4605d57adf257c6f85db0b2eb530dN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
45KB

MD5
a23b41932b1893d977722b6335aeabaa

SHA1
480d3439558d6b1dd3f5877a9fc3dd1b16ab7681

SHA256
e24180c5093de496191a27aa7addb8e811e923eec50bd437b16b114a827a3b39

SHA512
bf6d675e0d845a4e1e5d26c6d9c8e62c19d38e121c9f8ead2109dbf5a74cf573334df6c6be0febbb95efe384cdb3b5f36cdad677a88dd66a8738025438a3a3a4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
a2250af7048f6a6455a3694b7fc256da

SHA1
0d5a280788d0c399c98a1dd6db3894cfc21dfc38

SHA256
f24f97726da359bb922741fc01d46963a27b981d84c5fdbdb51cb1a47ee133a1

SHA512
a55ace02c6dfc0a414883bd6e31193d2531c4fc8a24745de1e52695786bb80211417b855bd894c47bb0a39c715dad43f117a194b29cb3d89ec016230a815db34

Download Submit