21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429cae

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 11:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
Size

95KB
MD5

ccb91f537b4bb0446853fa20a3bf0ae0
SHA1

f9b7dac2e150dab2e34401ef24f5f5ed288e1415
SHA256

21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429cae
SHA512

e5fc8e98d3436ff650105311c1e82848d10bfc05f9e4f713e2853acdcd78e286b16c3f5d12defaeed12cfe2905b1d0be02e528b1640fc28e66bb63fce7e7cb45
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWujodsodaNovTW+SPL+cycWAF689ilxMo:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9O

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2920) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\release.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe

C:\Users\Admin\AppData\Local\Temp\21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe
"C:\Users\Admin\AppData\Local\Temp\21a199dadb3813ba15fb3dfb064069c80d331b8866e0f7eb42f6cfcdf6429caeN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
96KB

MD5
5125b5fdbc0cbb1f8dfaa384be8c6727

SHA1
1805fda693697a86976d2b19e11732d5ef42fc64

SHA256
d28ece4165337ae26533019c63af4a29f2126a435aa045199370461374f35f44

SHA512
cfe400ed7cd507e8077016da5ad29b070ae71c708d256b1983227ac9f28ca7a3c09a11daee5e1ecba3d015aacc24adb23e23a6ee136b069918091ff8996b8391

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
718998727e5f42add7afa430308b0ccd

SHA1
91a6d106f6d3338ef233914b593348dbf32b4379

SHA256
c514e8b0951fd53dabfa80cc8ceeef350ca66665cd7872874001e55d29bc0564

SHA512
01d22c8ff2015a2158b240dc4053641ee5027fc46c830d048f9d01f0173d9e266424417f19fc78f27e959436244f762fb71688386d538d0210630b6291ad3234

Download Submit