71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
Size

102KB
MD5

a3119c4d7a00d627ef15f71346803610
SHA1

9505caef0f75591f87f22e1f33e0e7caadaa0626
SHA256

71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90
SHA512

40ed5eb01c2e9e60b1d9cb465a646890f4fed0cc54ac07ee812f2e8099a4c1e0f4f1ead9707f1fe8df53d93674467f8a058124d725f63434ddc84b848c30c2b6
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFpsJOfFpsJ6X9:RqKvb0CYJ973e+eKZ/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3073) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe

C:\Users\Admin\AppData\Local\Temp\71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe
"C:\Users\Admin\AppData\Local\Temp\71b4e873015eb260c01f33c7ff458632d2a972036219ccbac756521939078e90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
102KB

MD5
65ebf8822843322a42262547ad2e20ef

SHA1
f644e1e53368aaf7a8891405a4ad46d21cc2b318

SHA256
4942bd63ec4b0f3c0f8017dd01e869b25a8c12c892454cfff048d1cf25cfce84

SHA512
49cf572640c14ad3ad7cd09f16ef735d1ce72500d2e428c2608179e6d643a961acd029cff3aeff566f2094c167ad0a0c6d306e0f215843187f2be9c8a904676c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
9e94cb464a6cc463019c9bbbb20f919b

SHA1
f67b3313574db613974382c3d33bbc27df076883

SHA256
0a6e8027e949de8fea03d16efbbbd3c9fdf7e8054c114659fd5f0cdd4689408e

SHA512
66417e213b7f0a127da2f6260b2f0695dc98c3c0ad89d41ba6b8e1499c07227cb32e3de0261f193e0aba5aa9efa7bbff239934255ea29de1ae50a9de903e3140

Download Submit