d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
Size

90KB
MD5

116ec9d4c789364f72812ad8b64e2ec0
SHA1

e5d50d7e18c71babe10da3fb34bc0b3f6c3941b5
SHA256

d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3
SHA512

96d4b4585bdda2e1224f9f16b1dd748c800983034561cc1833e82338954b9f36b0995c5aeb03eb50953ce8b5ecdb965210fc244304be7d2a09daf670a28249c8
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKggqSXrA:69WpQE0zxgjrA

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3100) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\SkipAssert.rtf.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe

C:\Users\Admin\AppData\Local\Temp\d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe
"C:\Users\Admin\AppData\Local\Temp\d4eed3f0cd33293c88f64a6bc9f9fdd33c3a429821989699d88290147c9885a3N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
90KB

MD5
6d5dd06149e8ae7feb1879c456ab7db2

SHA1
cd1fb6923931d9ba45412f79e796a75af40ad14c

SHA256
f4971a4317f02e1728def3937c34026a772f9824b8d9a9a2b3187a93d0314ff4

SHA512
106033b034239f4f9a79ee44fdabd0011a233345c945ae5667f2e0013a918d0790d8d3b01c31c85fedff685918605d5c1c492cb7333f0c41c7917354d05b33c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
f3767da3a97cdde7b27f1dc9a944b842

SHA1
722c5f0fab9b10e1cc08646796dbde6e6149d92e

SHA256
378ed9d54ec36a30b8b273db1d59828829f4d69b000b63f0b60addb89e5769c8

SHA512
c55365e81c3b74a8c59f85a23ecd390d02ec7392af07e4f538d0fa30e6c5a0283fec948b099153b65b5abf47a030d80e6c52eea270944438119d31abecb8f353

Download Submit