156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
Size

50KB
MD5

4e2b6c7cdc7905d26748c7f2b447e069
SHA1

b0745f331262c347c373ebbf880de38545b02c17
SHA256

156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300
SHA512

6f38afa56ae170fa492066204e3c4da9d50fc1e7ee7e2cb4ad46eca583b1fa6b36b9b3d24837d2e2a9d987b8484a51e9cda9862392b7da43559685af0d98038b
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpRo+fOiJbfo+fOiJbCk8t8QP2Hbww9ySqbw4:W7ZppApBULcfpHLcfp/ZeLP27wHw4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3561) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\weather.js.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe

C:\Users\Admin\AppData\Local\Temp\156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
"C:\Users\Admin\AppData\Local\Temp\156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
50KB

MD5
7a101c1375b42c35693b3947da4af3a7

SHA1
edda822f9e22a151a95d3a032d8d1a3b3088e571

SHA256
28673e2eba593056ddd2bc5ff931067e794f6e8a3890e7811283e7a57d46450f

SHA512
7296fcec82149e831d12596aea43371fbe9f86923183eec5f311b22d0bd7fd8a119b5f7d3d80e47c01320fcb19d3ef423d4d3ab5c019e3480eac74d002947b38

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
e7672d4279b90e8b9f4cc3118d0f8066

SHA1
1af60e09fd7d9ade17f541d6961f46fe50ec238f

SHA256
c47265a012fd8bdb77329e64db4ed23e5dc34da12d75e7fc62a31ec0f67d5e33

SHA512
56bf263141868c70be487d8e16bf2c52c4c0a88634fa3a96ee0dd387f67106f035e724fce571739929798aed995db90197eb798c55f6e7109ee59556cb4e774c

Download Submit