7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998c

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
Size

90KB
MD5

2d0fe0c27f523d19cc8c6cf3e7525a10
SHA1

46722211eb3b9d89ffea4c9720af059ae951f659
SHA256

7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998c
SHA512

927411f813a79828bac9759e2b16a53b395e8ea128adaab467ecf5b76daa5831a1ba82e959b9818ba97c1cd0e30e6c610cb50732c74b84854dd9931662662b48
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvapBpYYp:6NLWpCZIzjwHwk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2870) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe

C:\Users\Admin\AppData\Local\Temp\7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe
"C:\Users\Admin\AppData\Local\Temp\7c730885926b8e9b9a52d28d4b1849c79072f265119182fc9b94c41fe96a998cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
90KB

MD5
c30798f130d9aabb86e0f489935a4e7b

SHA1
91440a74b931113afb1c2637d155ac17f474b8c7

SHA256
24cd66f595c62402831f9eab5f450276eccbee4aea5b8ecdf407c7d56125335f

SHA512
189fb990bf8d7cc6934c7af96499f32615ee0e0ab073b621e73cc0068f7660a22e40ebc7548cfd5139b45d86721ca2804c06040f2c882dbc0f824de8d935a246

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
acb7ab511c1e5772879fbb8810936d99

SHA1
b30a9775576c22f299c12bd4f746b246b65807a0

SHA256
3287f3261bae15834690707b977c859687b514c1550c0e202fdeda934f7945fb

SHA512
6e896451994c4da5000ece2142d9be1bc3a42e7fe1426d8a0360cd565ec9b518f6d1866f8722950c6ae007b83c3c06ace1eb1f98121d4ec2c1a49d50859c55bf

Download Submit