97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665d

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
Size

44KB
MD5

00ae76062e5f702b3a1990e21bca74e0
SHA1

0e444aa68e131f393b2dddd992ca9fb7716823fe
SHA256

97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665d
SHA512

d63151accd6ad7e6025325096ea5dc2412258739db2210a8cdae0b565e24417a485d9d7ac0d68e2b927657ffeb32070d9f8bb6f2d4b27ed797476cf029a23539
SSDEEP

768:W7Blp2sspARFbh5YSfff9n1oXKCqzEIn1oXKCqzEy7UP9Pv:W7Z2sspAp5YSfffR7s

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3412) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe

C:\Users\Admin\AppData\Local\Temp\97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe
"C:\Users\Admin\AppData\Local\Temp\97a87ded589580ad28622b82b580c505430ee90149eba68a73ef7480bfce665dN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
44KB

MD5
17ed56606ac83c2f88ae4cef3a58ba6e

SHA1
f9eff84f909dc866605c80281093181121a30b9f

SHA256
1d557dc1fc759836b71b2486b8b9f8b87597deafd83bad238a1e3df8c02000d3

SHA512
b6a9ffd5053256fbeba6636ae313f383542bfc0f0179c8236f37193e762c954d4ad74c9056a107a5ff8f3d3d1a57bd355425dcb9e5f833e519a590887b9e0d36

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
e3ef953256cf5dee64b97bee58f47cd2

SHA1
396965e1f89daa88521e830f56f48a535faa058f

SHA256
605e991704164716967633a8fcda3422aa9cf3195aeeac2b3adb3e9afd264813

SHA512
e0dfb34fe3debc9befed271d3c956959c510bd64e8b4ef5d48319bffa3c192d50608797c233572f069a637f49b416024079b56cb055e233747b702cf00468639

Download Submit