914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
Size

38KB
MD5

59387bc83c4defe2bdd3a522db046cd0
SHA1

1917a320e834100b5fbc312e572437919c777ec2
SHA256

914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352
SHA512

d9c4546de63c11062e675645cf0ab31168d6a399ee300de11ad52cb51cec7957488701c31bb9d1655e97d8912468a2c30cc4c56bca1bc883e6b9d06760a83989
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lt4ou7Oi1J/x+Oi6JAfou7Oi1J/x+L:W7ZhA7pApM21LOA1LOl6AWD2DA

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3340) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe

C:\Users\Admin\AppData\Local\Temp\914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe
"C:\Users\Admin\AppData\Local\Temp\914b24fcb26e063aa11450e4752f3da78ce7d6819048df950d5e380f53431352N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
38KB

MD5
0080a145e8dba7dd22ec2ef153cedf8b

SHA1
4e1879b40df185f1f34c5b1c388a4aa3b4e3ae3e

SHA256
49c135aa398ce773a55928e365812ab3ceef572d61ba7255de177126db64f0c2

SHA512
a8514012374523bff4a949ff50868113be19b2931fd64bcc7ecca9c295d39f39ccdfeb9a3e6eea083d49f47b24435aaffc1a64c9effd6aacac1a6713e6252397

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
b3954d236a9a7d78361b5906eea51404

SHA1
ce612f731ba534427bcb84ca97d58d100f56102f

SHA256
1adff5a45f31b205e1f26516f6e2c659e92b028b54d1aca361635aae30f2e3b4

SHA512
b463e572fdff110ac077a0b89811a8828fda148e55c8502fd2b332848380776d6f18d99a827470eca659070239e61fd0c2c301c1516919bb7a3e952d12961a6c

Download Submit