497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2c

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
Size

47KB
MD5

ee810c2d14e67bea1bea5c319a683640
SHA1

0ff7f0ec625af1c46139cc0203166dec03a62673
SHA256

497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2c
SHA512

b46f058747304fd485644e11fca4cae0638d58fac09bfdb0c763869df410880f9861f2ad83ddf4524d88cca3c84defe52bf2d2d758caabd45625aac9efdeff50
SSDEEP

384:GBt7Br5xjLdbAAgA71FbhvU8g0U0fL+8t8YwTZ+kZsAZsZ:W7Blp+pARFbhBgnKL+8t8NZC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3379) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe

C:\Users\Admin\AppData\Local\Temp\497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe
"C:\Users\Admin\AppData\Local\Temp\497ea416cc84806b8ecbe1e8221c7789df8ac1757b9fd3a35d5f5a264354ed2cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
47KB

MD5
fd92885e4030ce4595945929cba65ca3

SHA1
f3e84bf47d1e1ce45a1b5864de46053c4b30e672

SHA256
768d0a66807d103f6f86da7dda8c763f64efc69596a1a177fc267dab40ad537a

SHA512
5a97145f1b1280b9982fc5d867ab3c3c80ce9109826d40e7be2ad34c8887dc7c8e9e122e0169306b102ecc7ce4d3491f5d7d39ba3d06a1dc4232e4d5b9a81157

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
4cff2390daf12fe0b5a2952b3f817017

SHA1
3645a432cdbab50bc4822bdc86b69c2f4b41bceb

SHA256
d435e3b84db8471f7479d73c38d06a84691198e7e73ee6e29c10af29c0ff230c

SHA512
00c027ae6369f9c307fa496616dbd064536f67aa9ab540385759eb3b30c6a9e4b0394b675b2e8bcdf11d60677362bf8e8253bbd5dfce9028a7301ea2fae7b6a2

Download Submit