433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2a

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
Size

92KB
MD5

0e9bbb290ab09c8ac3ee9e2471d5dca0
SHA1

c1da8358ef6634ca37162d5b242ea45bd8c06a6f
SHA256

433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2a
SHA512

1495ad8d9cd7349978bbc2ca961a8ec15d56f8a4c7778be09f8641e1a6f3dabb22c0f553804b3a5b274112eb965b17c6577e82c60b3d31bc774969428b02fdfb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzYgqer:6e7WpMaxeb0CYJ97lEYNR73e+eGG1qer

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3141) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.tmp	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe

C:\Users\Admin\AppData\Local\Temp\433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe
"C:\Users\Admin\AppData\Local\Temp\433e8480f4ff96584b63a75708c7bd72ea7350f9c4403e21eda8e767b4ac2f2aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
93KB

MD5
1dab8d53b4bb10635df3062a0205c307

SHA1
8238b010cd9c39eca98f105ab462f81efb357bd8

SHA256
ed6bb9561200cf364fc8d1eaa48315ee0b944296a04639b190159931ec005628

SHA512
8880b8a952715f9eb5b70635a3be444c6d8ad31f1db2571e5f400ecb9d829adaae111c4bb751c791ecbec18cff83a9a906ac2d7e52df8caae0d9814c36f04909

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
101KB

MD5
a59738c62ce21f2c0f9e94cee38921d1

SHA1
473ae277f03f0e28252ab71478e85df44c86fc61

SHA256
856e0da8b36fef7dd214692d8f6e4a38d5d7eafa476ba938757ba912e40f52b4

SHA512
8b6c7c4a480d7cf92a3faf20c164e417d51394ab63e5387ead35c2c66cb930d3ee392abf20133b55f9b5b2c36be11d772ea143f95601e9cb4355520ff6d080c9

Download Submit