1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2c

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
Size

76KB
MD5

a2c8f80ac551143d3df29a3a33ef90b0
SHA1

fc7fd6102b0b8d7ef1c069541fb3b75d0068ec61
SHA256

1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2c
SHA512

0b915d2c287cf519a865b0a0508763a0fc5c49163567536d7773dda2c0b5b2282d91bff4798bf6a75270fd9ab10c05cc01a16ac63a10c6bdf4ec0707c47d06fe
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8+CtlYSDP:6e76mQSostXDP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3217) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\PublishUse.xsl.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe

C:\Users\Admin\AppData\Local\Temp\1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe
"C:\Users\Admin\AppData\Local\Temp\1ab54aeba986ecdcc7d4fe57d5ab88fcf31a193e1775107d5bd717a83468fe2cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
76KB

MD5
5cb2d4c9142ecde6513f0f74b7511190

SHA1
3fdd8f2b8eff4d25f1ee3d4419653583c237cc26

SHA256
88e93be1525dd7e7a8528715ea18921796c59affc445eb5d5402596f88326ade

SHA512
8029ce5e53f53f103b188e6481abe6db83b395cd44ade20b29fa0bb66195d6c88b5610bdfc5f6a1fa53a3fcdfa7deeba5ff4b1f1305f4699e36ea6d49a5ac661

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
470a66c3cd5411772998b4cbad801d28

SHA1
89343da51db1694d7f84f6975e8acbdb7e03c423

SHA256
17f08cdeeef906058320cec8518f2059b3abb9e2fcfdfd5542e8c3d541ea59aa

SHA512
0224af8ce78b25f8c23cf99e9b48ecab8b2ea2163b800cd551d135cf31e2b7f5f0ddfcb73d3cf3319137c5ab55d47a23d71bf79c872762582a522bee00755997

Download Submit