1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22c

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
Size

44KB
MD5

3ecfc45f37409b65a251eb1fe12a2c10
SHA1

e018eb1a9a22c81e966014e05bb5ea519b715d05
SHA256

1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22c
SHA512

fded218798fea7f8a1ab41204a6e7f43c19c23c7796663ba3f7eb2a08b2edd295a8d3f88ba699e18a45920723d2f5b810cda883d4ca33a341daf3ed207fe35ce
SSDEEP

384:GBt7Br5xjLdbAAgA71FbhvU8g0U0fL+8t8YwTZjiKemTiKema0v0C:W7Blp+pARFbhBgnKL+8t8NZEm0mXcC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3417) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsFormsIntegration.resources.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe

C:\Users\Admin\AppData\Local\Temp\1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe
"C:\Users\Admin\AppData\Local\Temp\1c27913392513bbe71c54189f9301377a103523c11ea613b816523d172bef22cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
44KB

MD5
8c437fbe7195ded24f60baebfb5c2b5f

SHA1
5a555115cb64d0912ce78f8f010583413cd3e14d

SHA256
afd1a107d6c8a2dce5d070768d1cf1e5092c9e78499bb8cd6d6dadc9e1a7a9f3

SHA512
548213b90dc48ea97d0969fb3a3d6b69a292aafa6e0672dd723284449d515401c41ce21f1158f6144a8f43bbf83c74154a2d211dc191bdd9d809016f6d12bbf6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
6f5be5a2b37598583f511974ee6f18eb

SHA1
bc3e5def491ab5036939db5dd897c78e8ff2831f

SHA256
753dba4ac1fb17a3843b0c0e9fca31bec82429ebc9ea932f32440bb38da8f15c

SHA512
72556f37ed906f730506e1adf5bece960dc987c0a91ae4199213fbc982d86fcb41b9722b4a6ffc98791d4ae7597a3d816e73792f58892554c285e3780fd6c708

Download Submit