32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
Size

84KB
MD5

a174413c1c79bc41cef4e77357b3a970
SHA1

4431a9cbdfecfacc445374738095d7ffc17fdb35
SHA256

32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08
SHA512

49149ec855d3360bb65626cb9c63e8ff9a9becc670d8ee2652ff6f56aa10fef05af11c67268b3146662a9ac7626dc5e3d1a25eb77f6dbe09f512c886a2c17568
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGLtErp:6e76mQSohsUsUKDtErp

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3153) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\ExportWatch.xla.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe

C:\Users\Admin\AppData\Local\Temp\32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe
"C:\Users\Admin\AppData\Local\Temp\32706f28bd0597b33d5f55cc85e39304f694d6a58fa80fa9eaf15256f0908c08N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
84KB

MD5
b575a7e24917e85ca91b7c99043783d2

SHA1
4e9b71137b00ebdcb5d3f5e1f59888041da19515

SHA256
9d34b1d51bfe1d6bfe34fffb197ded0ca860b89b8fa212fbd9bc366d047e6c5b

SHA512
90f1eb6c4f7f58cb68e15d6946790d5fa52da9a667cf57d25bc6ec6854ff9375d9ce2d35db2f6a5e66aee324681b4d97d235c9c603aa20013bb07254d9b9f371

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
a81325466feb0c41ceed748bdd381784

SHA1
b071d234ea5c89a49f7a9157ffd2ad766ed5afb3

SHA256
a3585d5df32fb7e076711378195d799ab846dbb81c28ae2b0ab01d6f2bb470ef

SHA512
f8a9cc0ac150595d4114b79e8c862347393f977a6583433099e61eae13080a89e39a0fdd9778a1e5e47e5fc2db99c31c942c5bc4338f54f4bb7216588b09ac42

Download Submit