dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
Size

47KB
MD5

bd39e43b93b028f3c076f6ff99c0acd0
SHA1

858773d73e19484f7a1e061dfb5a53b992772067
SHA256

dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879
SHA512

0c566752a7714c23e69a35c20a5dc653163174a66b36977c3dfdc94e54c0de3ddff16b3955809eda826ca8d4ed41b456b2e16cc88c9d67e6306046fb09093eaa
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5qrVfZfIVUA8VUAK:W7ZhA7pApM21LOA1LOrtkpt6UrTATAK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3124) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\ConvertConvertTo.pptx.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe

C:\Users\Admin\AppData\Local\Temp\dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe
"C:\Users\Admin\AppData\Local\Temp\dd55d922878c52d43b625d9808d71e496a2ebc4301578d31e76772fa40206879N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
47KB

MD5
cca2168b7f6f3849a5b8488d8363e577

SHA1
84426b8b0d56d75ed41f3a20f4872ab3196d285f

SHA256
55844ca862dc0f061ecc43497f39555a838f59e6b737bb55f17aa9b8ae3689bf

SHA512
35cea99dbf6ba3f5ccaa68d21efe7f993383ef7266dc6fe05d83b39a3f749c48fff69b5b793dc3b9067e053133acef40b0822e8ba877074953916f3d876ef901

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
4579f551b796a0614141e656aaa08e5e

SHA1
f683d107e4eb0ae385a2ae8b2e0f57ef06b0f663

SHA256
286ca7f0635c2aa1726cb4281fc6e81ae8fcaf9184f0d3f00acf2146aae239e5

SHA512
9a2fcd711bed212190302e9c8ac60a32ead70d9d7af4f5e9ccbd67de08402b54b94bc45a5c9cabfb700e4f30aa3d4dfc392c6c874b05cc8737ca34bebfe3c004

Download Submit