250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
Size

91KB
MD5

a6e1c1f299a11ba3bb8dbec1b906bca0
SHA1

5f80da807601ce480cc147507b97cb965698c74c
SHA256

250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2
SHA512

94da5e8f0237dac6f1f56ba8b8600fad9435f3e005b770a60d78e7f946745ead5060a3c6b00e42cd02926f8c133023d8bbc7abe254bfc434295399bacd17ce94
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd53tjWC4Z2p:6+WpDfmRfmhHtj94ZU

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2894) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe

C:\Users\Admin\AppData\Local\Temp\250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe
"C:\Users\Admin\AppData\Local\Temp\250a5db81e5b9967a224aef1fa07902866238ddc1f7801491d923b7c0ae7abe2N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
92KB

MD5
5759e2b27f3abbbc399df9839d4b31a1

SHA1
f13810b45a742e3f25d45fdce45f6beba48945f5

SHA256
81d168697960aceb5e05fc05d14d24b9d07fe7a8c6c7f15bfafa6b8f9378d554

SHA512
d81e038075a919832d09dcc717c5ca1fdc5f632dfcf51326dbc4a5d2ee68e35ee311fe3df766618eb93e364045dc8c9809c7cb7f70ef96f799fc9048dc768c16

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
100KB

MD5
20375ac34c488791c61ec83ad99c9e52

SHA1
f9b3ccb70eadc2489c6177972946ff4b11a0a853

SHA256
37f805e64770fbed020e5855a97dfe968513281346dad1c2796e3e7eebbe6b51

SHA512
ec284f5f97a9163c8790cd997b58a4a84224f4356cefd75da613815f2a2cc7854612b281061e86c0f7a0a22f492338f652b033881b86a92bc4e6e83f8c051c68

Download Submit