919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2a

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
Size

42KB
MD5

5c739f4da0ff5d277e4ffa2fe1b50a50
SHA1

e599c439bba30913367fb00a9aa1a223bd8204fd
SHA256

919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2a
SHA512

00b12d95cd7855c7d42dfbdd6144fecb448b02c3f135b2024d6573fd20b6d083a5f2223973874dcfe0ec2e6da65a34b59d4c6965dd6e6a801759ef10573cc417
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSR6R16Rd:W7ZhA7pApM21LOA1LOl6vSoq7

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe

C:\Users\Admin\AppData\Local\Temp\919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe
"C:\Users\Admin\AppData\Local\Temp\919eb291735ba77baf2126c674047e4721e241d2a615156c469a266d699fed2aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
42KB

MD5
7c5277f2a659253d0db6d7dc1eabd773

SHA1
59dec3de5187f9f6f6ec8c463ae9edf3eef245ed

SHA256
7153bf67301cac07013d7d4a8bc8e1e69354afda9730a9a24b8ceccc2a7c8a32

SHA512
fa27e1fb38bb22f7469042350dfcc56c6793b4363f7c55adcc61b9327a5885b519366c1a4b4c25dbcbd9bfb74a49ead36f0e3ac465f47ada2857a0f20f405230

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
c8ea0a7289930e86bb19e47ff67a591b

SHA1
0bccc3f9c8d662420a61532fd8e5b023533aaa87

SHA256
da5299dedda58dae7d5c9361449f10171548183ca2b672d04a7d8720f22496b9

SHA512
7600c488141a6823e189f00f7e7fc42036ecf5c1ae675abb8f986cfacfc65a4ce87976b2571366704879e846c7c68f0e31713a75f4393d480625f34888cb5859

Download Submit