136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4c

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
Size

35KB
MD5

aeb0e9f6601ac0de3f72723f7073ca60
SHA1

63b95e409c41505fe5bcd30b58b2aceefda45f9b
SHA256

136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4c
SHA512

262d63ad94791de0a87df7e03e2c4b8465194cbf3fe697c6746f716c0a671d09880d9cb44c3829f20ce6bb4a59c42b639a9397c83519cf67ff3e3d134bccbf62
SSDEEP

384:GBt7Br5xjLfAgA71FbhvtPcniDvE10vE1ReM:W7BlpDpARFbhH3qeM

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3359) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe

C:\Users\Admin\AppData\Local\Temp\136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe
"C:\Users\Admin\AppData\Local\Temp\136a7700abbcce8c68912fe63727afd7002ff5b071252e008946fe577fce6b4cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
35KB

MD5
8b9687bde5bad0c5837a66d9823fd4f6

SHA1
c278880c7658ef36d8701066c6100c7bced9debf

SHA256
8afc8fead2ba81ec5e0e4637fada94cfea914d4fbfe8460745b6c68db267aa4e

SHA512
ced182ea4ebec6764fdc51edc8662f9ca1a528ec824388fdf9764d9cf25a7313103afbe16b8763d594a3b1bca356363262d2d0a51beccd961ac24ebc67b518cc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
44KB

MD5
d10ffbec77edd04f03592af00c017701

SHA1
401a0e37e6587515e46e0528ff2500b85819e293

SHA256
cd8d3fbcc6f3f37f015772c40c67f1c3308c5da37b5531634cb533e4bca070b1

SHA512
0d6dc82a200083627f80f9a4dc47ff08c6a21fe94a96f1e0a446a1c1f4d0d98aa989904ee8420aedfcb6aef594aa6e5f9a518dc559c0f6f17e63571b08d181d9

Download Submit