131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
Size

60KB
MD5

9bab05d24cba868f899c3e60dbf5f280
SHA1

ba6f9cd66cf94f3c018643311b80b1c78f7b7b13
SHA256

131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409
SHA512

1cf768d69a7b89adcec7a03e651e047c8bf1c029ee48e48bc09d5bd5e09db2143afdac6b589a6fdff681c074f64eb8fd454ec102900d37b1d13c51f04bd01ed0
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJwRJofJoTHKX/8KX/s:W7ZppApaJofJo7KX/8KX/s

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2879) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe

C:\Users\Admin\AppData\Local\Temp\131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe
"C:\Users\Admin\AppData\Local\Temp\131df134cc321d473dec21b9269e881e768c66459fc369ee3d249d6a9b9c2409N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
60KB

MD5
ae0ff55723ed774cd1b80150087b9779

SHA1
cc2d3953ca8824d96eeab1ce4e701078147d1268

SHA256
4cfc662cbfac65581445aec5b36930b301c03bb91a73bbaa80ab036044d9dee4

SHA512
b608045bd190af7d423781f479eb695aa3e2c9cf3b4563614e8cac2b918221b8e90e22a88e7b236cdc474c9f97e7e14d28e8c106529d790276ef7459ec032c13

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
69KB

MD5
7675b6b20b0000cd73b7053de416604f

SHA1
4273873a1d2f71dbbea8754fa006631a79cfe469

SHA256
cb56f25fef9a088d62799d5ff75f2e760a5b2bfce3dca3cb10b1afa027d8aed8

SHA512
9a2711426fdc451e3033f646b54d673dc02f6e6c97dbcb14464cc2533790ac7cf7c13b3494251b27572da74a47ce68bc0b48a2c938d9a04a9b709ae8d264a370

Download Submit