714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690ed

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
Size

41KB
MD5

49c975e5c4ba16dfac6d45330a2b3020
SHA1

44eb207513761b42329bb95a82ff8c2202a2e9e9
SHA256

714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690ed
SHA512

1a3b56290357c4e788e290906093de5de154aac953d08cf61a16023f362d2f2d947818fc5625f14b97134ef264b8686b63fe3b206e0eb14b388f02230dc9fd5e
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltj8Tu8Tf:W7ZhA7pApM21LOA1LOl6Aj8Tu8Tf

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3252) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe

C:\Users\Admin\AppData\Local\Temp\714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe
"C:\Users\Admin\AppData\Local\Temp\714934b61772a392fc16b0ebb52d675b1a810f662dafef4ba21dbc9e8ec690edN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
41KB

MD5
981a6a3c686072421da6a2bf53854b3f

SHA1
944d176cc54c24d04483bc3dd87ab857f3fc8c62

SHA256
e6cd463300317d454602e08d238fd69b1b2a88568a76f1622cc7a9c6c9834300

SHA512
b1060170e3817ac623039810149813f414e95c31a81648e685955b4b975544d2ac71f1fbb949a911cb7e76020e8722b26022741a5ba6299b5be4a9ea4e736274

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
3b7a6ec145b6146d7940e2e31284b331

SHA1
0353dc2f2ddfdc6fe5ce236b05d26bb0a4ac13e8

SHA256
9be81a949901a230ff490146340f7b0372065c074cb6d1cd841e27d527bd7dc2

SHA512
d3e2442ac4fed114e8c6e91d67e80028ff69fc9ba668d4f480e44ad70cbaa9be64fa72b2fe7491fbc345dd7ed6e99103d929b0d5bf07af541505861e5d159b6c

Download Submit