538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
Size

48KB
MD5

61d8c2ff44ec9b9bbb2f3ab337e65070
SHA1

36c9df61711dbd3d651bd12c637fcce56d90c369
SHA256

538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23
SHA512

cb0b904b270c30bd32bf4820ad6ac7cbb272192462e8e0c8dcddc5bfdb8f818286088da9c848b2a9237d17ab018989db76a12ab4c01ec748bbce1f0c5bb8a7d1
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1ngig2/Gum/Gu/:W7ZppApBULcfpHLcfpSo3f2xf

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3781) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsFormsIntegration.resources.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\gadget.xml.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD.tmp	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe

C:\Users\Admin\AppData\Local\Temp\538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe
"C:\Users\Admin\AppData\Local\Temp\538363bb4651942f7fe0da058e6301b3f54c7e405d7a47a6d2f2988e5b742b23N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
48KB

MD5
832bf50d21a626e3d96974726b3bff46

SHA1
b279b0b71919d94f38182539422e9cbb98012f29

SHA256
fd545994e7dad7823f2fe7f9f18336118c39e5ab6fb7e9a5fc42b0c484a4ef41

SHA512
5c81cbd252e3a42717c5284ad27abc44776adf2542cf6d157cb56abe2376387e70f1aebb7322e13bb41f798a24a582455d0fb2cec5c4e582e6068d743e5260c3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
7cfe90008cad7bc863d708b805257d0a

SHA1
b6677741b69a1f4f27cbe4cebce47f505bb53ae4

SHA256
b3420923ce980abecec957223876d9293a82cfb3df45f5fa29ec1d417986ddd7

SHA512
a985ff6b5853f57f57bf3409584fc58e5ab7265679ca2490cba2e6b232e4efa35dfe1ca12e8b36a8e2966136c6fa0c4a3d3cb957ef9e28a86cf68286ce473b6f

Download Submit