7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726a

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
Size

48KB
MD5

f68197e80e344be32160d4e38542f480
SHA1

cef11c3b0d0818b99fb832f42e6493331fca500a
SHA256

7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726a
SHA512

ca9fe143f25eeab54cdef5d564b1595ccbdb39456b01b0e9cd72a1381242128b8a6f21f469ee87dd46a2670d4032d59a9db37ae61142f77678d8ccc073676949
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1wbZUnUk:W7ZppApBULcfpHLcfpSo3f2W9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3315) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe

C:\Users\Admin\AppData\Local\Temp\7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe
"C:\Users\Admin\AppData\Local\Temp\7b4c57a1bee0322873ecd51d187cea95a2587fef12ea6f9b32ad44cb2ed8726aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
48KB

MD5
23e445909a3339d2cea4a7235510a3ca

SHA1
1b647d3e5bc519b607e8637a666f19d49a313deb

SHA256
302177734b657aa246ac4cb4264ed43b4765cf6608e1cc6acc5db4ec3d253ac3

SHA512
a9e53519cf2dd8c297b61c9b621cc93874a8a00d63fdc18a0834e308996ea2002ed0841c0b8e8d9bd1d77b05a44db40996f95fa3c4d0d3b31de02b73d2f53668

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
e78e88b4d69e9d6c82fdc36ec7c4b0df

SHA1
3313b847a49291e531157912c5534e25a5c0e9ac

SHA256
b6aad0129cdf130dcc04f0918cf3e658c3326b76d77066dbf6757772e4b3b0f8

SHA512
5e4c9de9b02aec4f6101f2fff22c079982bb9aff2aa1970d8d2154e1edafd4b08fe11e7e084af93d2569b73d432169a62d9e28e938b54690e8b8f297352bc6c8

Download Submit