605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19b

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
Size

46KB
MD5

a4eab74696294bfd9c4d20ff570cec30
SHA1

325eb0e75325268fd6a1dfa65fbaa85e44564481
SHA256

605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19b
SHA512

6e28a17a61f16f6d66435f7e8020b490b3e29b9806c90c8dcd8cf42a0f13999381c3839449d7a17e7914da655b4c161fc0e02e588711f5a6dcf64cd2541b2ac1
SSDEEP

768:/7BlpQpARFbhNIiJwsJwdXo8/O0QJfo8/O0QJh:/7ZQpAplJwsJwdBcU

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3252) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe

C:\Users\Admin\AppData\Local\Temp\605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe
"C:\Users\Admin\AppData\Local\Temp\605009e003f31f05f726e28cb98a00b6085da817edb2630416e9f3679c2cc19bN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
46KB

MD5
29ba39be28b05c33d871d084b1bb3cf0

SHA1
00cd700c4d6226d1c58a9dc3b687453510ce7acf

SHA256
6efce9ac8ee732a1c4980edbbf6529444d22ffb8543c6f7fcbac0c5ed2919ebe

SHA512
cc5b2c727422623cf67a55ef8279a637c6bf5ffbcd7f9dcdd8fd5c1efa66bf41f26bb91bffac7677b79564eeb12c1f01f5bb4f9def115a9ff46af7a57d30fde3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
809c36ef9f070013a1aa0b7d443795f6

SHA1
9bd6d9bd2694373b119a742d48c38799aa7efc3d

SHA256
df98ab4b62661fa20e99196d20b0bc2036994d701af525fde08441b4afecc497

SHA512
46ba0e3bb9467e40bd4a4dc0e130b4fba734bae8b69f2a1e1b303b4f202e6ec9f4b69122febbc60741ae62fce78464dd44eb5999a1055cd1af19ca75a2397dbc

Download Submit
memory/780-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/780-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download