a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bd

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
Size

48KB
MD5

6360f7f944daae7ea0b2f7e9f5c1fb80
SHA1

2183f86ad1fe46428e76a1c2b52de5039c743d4a
SHA256

a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bd
SHA512

966f37a9c5804b70d78268b63cba355b236838a85757106551440c8954f27180d2fb5abd5764838c166a91060d40147710e0aa40cfe94cc779568efa93b167fb
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5gSCFJFK:W7ZhA7pApM21LOA1LOrtkpt6af4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4073) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\Wks9Pxy.cnv.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.ELM.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\PREVIEW.GIF.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\SETUP.XML.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe

C:\Users\Admin\AppData\Local\Temp\a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe
"C:\Users\Admin\AppData\Local\Temp\a43690b827c347e3c78257759faae8317a0c27992d5cea7d8d9bb255f64e04bdN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
48KB

MD5
47bea9571f60ca9547c9d852906f3b7a

SHA1
6a258f7377a09347320c3f666cf3ce4123b65691

SHA256
f9894d85f31a4bbe3c8896b5afdda55eca17653774b59611e5cee8de3aa2953b

SHA512
cd4293fe3d2ebd6edea404c3086a06edeedfdafa64cf0ac4bddd402c4cb607af2c52093edbc16b345b24c18319080fed7ffcbe34062dd0ff63fb857988308e83

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
41b8fb9eff87f6a2e9c70d48e786ca25

SHA1
7f7c3191fc0ebf3eea398928b69e93cdfeb73be2

SHA256
763abaf0723a94751addb8355fd95f57f7b9602e57644a82a8856eaa1111a750

SHA512
353a2ec298c05dc771dbace75a1459b6205f2ed62f3e8c1ab2bfd0416c785b49c1a2e4ec9c77d830df0a3895bd1bbceb483f0f1a21d776c1db4d1e5cf7f62b7f

Download Submit