d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
Size

43KB
MD5

dedbc19e834e88aa6f08fe2b4b22cb60
SHA1

51d246ec29d7b582c96e92f046009a1b22e0a226
SHA256

d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323
SHA512

2cd111dc2d34b1a0bf0a2ffbcf83017cd9f5462b1ebe99053ebaa955e7deeac4e9a6afa442d718cdc9e46bb1aecda4a7d8752cbafe575c7e81731146e684e3f6
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltj8Tu8TyNN:W7ZhA7pApM21LOA1LOl6Aj8Tu8TyNN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jre7\release.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\ResolveWait.reg.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe

C:\Users\Admin\AppData\Local\Temp\d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe
"C:\Users\Admin\AppData\Local\Temp\d8c83dd616a7b1b04b8a6596fa8986c1f8367460af49506e69b9d3a90d6d5323N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
43KB

MD5
5f75f4108666722a4312dd8e65d94211

SHA1
e59e6a1f90af84cfbf325efcf75731d70291f440

SHA256
3332711fff65c042cfc5db0b690f11b62fa618f78d150ee3f1a4ce99b7bc352c

SHA512
6704187f2c1c2f8f9d0b3ce13972c3fe149c6956861e507c51b61209946c584461cd046076c6abaf8926a0586b993e56cb4457daf3f6911b295b7b9327bc9091

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
14cc75a27e72d9b59c3aecd2ab0bf9e8

SHA1
03b08cdbda9e3c0bd2b9f3abf14f177a14287bba

SHA256
54a88944eb066a911d012d8d665b0ef3e40bff105280a3a537071756fec75b75

SHA512
5dd82524ade4b722d6c388d5e3c940a79ff43ba90a7414cc8b994b4b02a1628c29616c1092761586cee9a25aa94999676fc3edaf1feb598453f011ad318e305e

Download Submit