100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760a

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
Size

52KB
MD5

4a02dda55fda50278b350d135d80ad80
SHA1

2ce878acaf22625d2e0b07d390e868608b38c3c5
SHA256

100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760a
SHA512

bdee67485442a7420426f1556c837515ba6e5251b0c3d675d6b3612a71bdb28c78b577761bc576c6a0721b1778590bf9d380ea13f3c574d0fc2c8d4fff07ac54
SSDEEP

768:W7Blp2sspARFbhVgNNHpQRNHpQRxRYstRYsI+PeWwP9Pn:W7Z2sspApctpQRtpQRxRYstRYsbeWg

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3256) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe

C:\Users\Admin\AppData\Local\Temp\100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe
"C:\Users\Admin\AppData\Local\Temp\100621a7b45de64adb41ac8b7a86659cc89b97b30e60ed91d03111f6cada760aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
52KB

MD5
39de88d4c5f414b7b6f14437e8398b71

SHA1
c114a6a3d86a443e76e5382217fff1ce6debea7f

SHA256
50d72cadbf647aabd2498a5c4dac9a4b98fbfe0d5108bfe56a6cf185d1abbcfa

SHA512
93e5cd864c95e1001a1ac7360b34f0fb350708c4a8888b293cc5fceeae925854ec6c269588ec5b6b2d7e54304952459468a6ee2ccc4767ec3c1e7c661543c75d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
56527a12e89f6a71853fdc7960eac33a

SHA1
79160c19ee89aa93e1d2bec9f71fa15c7e1e9fc9

SHA256
ba8d211cbbc7be97bd232524d4a27d7a4520d9dd66a6f7e0521ae82dda3f56d6

SHA512
8136f719844445a68e22f8d42a0337d2733310c1789ac80cb171f8c8b6c1410544fc4aae51bdc58797fe324615c27c23331beada7c99fc7b7b27913cf17c5701

Download Submit