31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691a

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
Size

100KB
MD5

f4e71bd16dd33b01fe3e7942185adb30
SHA1

79cc62e578fa400fbbc7f448cdc3dae6a73a5e49
SHA256

31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691a
SHA512

c31de266e6123b55e16833777e8518473ebec1bd10f0ac70c3e83857c1eaee4e65017c8ece487e9c7b1e8af29d906401e5c47a7a86ef194ccb3447a8449a6691
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggEpVp+ESIXosbosP42:6e7WpHIyRF9ESWu0SWuDmmSIjX1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2958) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe

C:\Users\Admin\AppData\Local\Temp\31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
"C:\Users\Admin\AppData\Local\Temp\31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
100KB

MD5
997bd6928cb01a45b71891df42bac670

SHA1
fdac83476be2b9e047c99c24f37f3b8a8423f610

SHA256
7b0997eb31da154d41810d1bb789bd73d465ae701f04f5a735bb04c316e33f99

SHA512
9796335a4a77dceea9cd608a4801f0be249aca94cc3c7129e4fb492182c1bf338269be565ed2fe0dff1810b99966c0c58e85869546d2bd1a97170a188f3a30f2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
c325aacdbe6ea0dbc6b7a910dbfc52a3

SHA1
a484574224b6a5a576643fb4f4917db1e1434702

SHA256
63b8ee6a2db38a985c1dac8f0a34f6db07631b40d382c9edf7bf38d3d83332f9

SHA512
36298349be2274f7a67cc52e6d67d05b9823b7904ce7ef9608761ddca5ef88458229b66285381ca6e504e51e9f4deef63da7055cc1066e429cd45f82e8e1b933

Download Submit