d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437c

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
Size

37KB
MD5

aee0036d5e74dc3c9bb63a3d6419d990
SHA1

916153131d1b8a311d81661e5ce2ed4e858ec2ae
SHA256

d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437c
SHA512

076fb84d34e8aa6e7d0ebaa84d800ccdca6ea9a9070db013288e0efd9718a48ecfa94dbbcd8ca18797d62023acc23e67c95741451b04840a38fd87d35c5e7685
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltz4Q:W7ZhA7pApM21LOA1LOl6Az4Q

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\SyncUnpublish.rtf.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe

C:\Users\Admin\AppData\Local\Temp\d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe
"C:\Users\Admin\AppData\Local\Temp\d616d5bc8f38d97c1e324e11e785040d3183f11c212e9c8c629be0cd9587437cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
37KB

MD5
c4d9b6abdaa4546691563f8cdf65f7e6

SHA1
a8be874d26e0e8c97dc00e96c73106a33c1dcdfd

SHA256
e78092ff3442c3eda9499094eb3f5a9063e8f69c48829f8e09d048e40ab27c71

SHA512
bf16235c9af4295a8c6c053e3043f53cbfd77e7193198494d1bc2ac359dd6e50791dcb23854946f63bdb1bd34a399a0fe1324aeb757b3e9dadeae245f4039af6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
70fd91bb6dc962aa57deded53ed9e89d

SHA1
7e1c429568a622326a6bcebb4def011a19f9a387

SHA256
10255de5f8c521a6c446550b2d18d5589c6ca0707a15904a10971660b8f1ead6

SHA512
b31fcec09773ebe3d67fe735e16b2f27e9ba298a8b82a2ac6b0070191e09548e67af0af2e8d21b0bac92a98d22b9f039a11caad857da333617c39c7ad8a781a1

Download Submit