53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
Size

55KB
MD5

5208b8545339740f195e2016f48aaa76
SHA1

514ab4a023d660c2a0d6739924c112ee93c64cc1
SHA256

53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de
SHA512

de023ef4039c67c083d5da3b4565a61469882a8d5d253626c2603a4095f2f4ac18090b7ab2e63d135154940d464c4096111121018064e7183cc0652b37b7bf08
SSDEEP

768:W7Blp2sspARFbh5YSfffynfWK9WKWQFLeoVERZLeoVERBo5fOiJu6OiJfo5fOiJZ:W7Z2sspAp5YSfffyneKIKWQyWmePeu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\settings.css.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe

C:\Users\Admin\AppData\Local\Temp\53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe
"C:\Users\Admin\AppData\Local\Temp\53420fc18cb3b9b6e15f15022d00bb72c9ec721a881d02fb19519a39567b09de.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
56KB

MD5
c8b8953e0ebdac06cf811f5110b66254

SHA1
8d781cbc1492723bc90e6e22f224e57c28984e17

SHA256
9e2ba9832a880cf07938f4176fb7407726b7a1fdc5241ab72275f2f8bbd1bdef

SHA512
3695071762f9f53687b758eafe3df7945443621a03da072bbfa7eda0950c426a0b2e8847c34c31cb8dbb1be5e877cd3cf3fabaf3e4e2647ede344a735b6832e3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
cd6bac84e6bc4c5a481dd8fb750da8f9

SHA1
86b14dac9e1576433adf79def13dfe3923860dd4

SHA256
bae6cae37ebeeada605b9841ca2f7258b5ef8a574054793d3c4b02b8bb7a2750

SHA512
9dded74d532ea82b93175143540e7ebb7d6472634aed5b5cac3f39460869f68d8cf594508f455b1931fa117628d43b4c6ce19921e5deec2fb13c9d3475ce858b

Download Submit