904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
Size

74KB
MD5

f2d9aebed83bb48b457b216bf87ed320
SHA1

afcdf5e9004656eed98d9e4cbab51e56ae162074
SHA256

904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1
SHA512

c7eccc7dda136d7801978509ca2f2197e800f058a1522443f31dbbe8b6d0cc0ad4f7575c0efbb27d7abc53afefc8dc5a0d36d6d321e1649adf31d7ce371ef635
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/NwmxrLX6l:6pWpBwchcV2WxrLA

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe

C:\Users\Admin\AppData\Local\Temp\904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe
"C:\Users\Admin\AppData\Local\Temp\904d933e851c0a9bcab618822a9a00d04d591a00fad4018684930b2968834ed1N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
74KB

MD5
390503782a6efc03ede582990686be0b

SHA1
7ff9d67da8dcf2ffc24f040de52a1b5162cd82e2

SHA256
ab6f8468d5a9f1ef1bfdcfbd28c319e5072bf98ceebaae9cc202c2e5a3791361

SHA512
62bbac942ec676e34dc80a87ede2c98cc7f422a848293b98866451310d9c445eadd189d71d2c2a721d06706ddbdbd857a2570fe06fa5e43833230992ab4ac769

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
5024cc173e89123f0029688a86f2871e

SHA1
d9132302bff5878b257d3e28338e212a5a9a9cf6

SHA256
9295f25af0ade7b504fb8eb531ec65f1eabf05b3253b9e2d78acaef3ffd5875c

SHA512
ab7a58fee1ff8e22f5a5983a050f76c8d31cd908612dd62e5e2662888c3416aade5a76b2c41fc8c3085602430f01d2e9736f25f02e2074af27f0a92f6ee8b934

Download Submit