00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
Size

120KB
MD5

36784d4cd4cebed0c7d6111ef3e5bd89
SHA1

202fd73821af937c93880aad451670ee0f1b16ba
SHA256

00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee
SHA512

9d5a0b6abb1971a616dfcaf12cc404380378105ecc6e72200261a8861393bb7f812ab04fa75af6bc34da5cdfbed3c24b72d4682869363d9e5a1a7dec04abdfc5
SSDEEP

3072:6e76BtEkoIAkeF0RNyreZ8PRmqIZq9awE0ctUiQF2vUHFe+0AkyyDfEmU0RFWn:Re/EU2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\settings.css.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\picturePuzzle.css.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe

C:\Users\Admin\AppData\Local\Temp\00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe
"C:\Users\Admin\AppData\Local\Temp\00834e34f8f478be8b760a9d2bdb1cded018a2f6bb52f36f72c66794604af8ee.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
120KB

MD5
efcfa09539e6e347433892d910b3c508

SHA1
c57c4b5bc7431b8ff9c0d7da7d0203fd1003df42

SHA256
5ca7653633f68eb244988f593e6235217653a0a3851fb6af0942b6eb404becdf

SHA512
681a9aa193e8dbbd3ccb8b3188ff0113286c4243b5899872492da074336ea8a2ccceff10aa2675d843ce776160e5f2cd3273d0d45c12d3b03942e2aa383c3470

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
129KB

MD5
df26039bf5c4f6cc0737669636daf8cb

SHA1
97679298312f938964d810c52ac5bf24db8ce6d5

SHA256
5de5fe1d40b6b61bf8f3f9aec67ccfa78baa346c182cf361ca3af52ab7cb74a0

SHA512
5d56be0b0689f00c142ba3866f9bbee59b6511fb1b15e6788c407944673da48a1d247e5ef8af6de0835a5de039a0e87bb88d41ca369c230b15ad1a7e1540a797

Download Submit