1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3c

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
Size

34KB
MD5

9508a17c3958f8e8a89e7c7794f4b510
SHA1

99770609a5bfa61b22ce87f12ff76ade7cf16a12
SHA256

1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3c
SHA512

9efc3f748a627fe9c8fce92ad70f223f0d2f16bb87aede180af8b0ef582ceb8f6e18222cddbb4f1b6d58d444c7a2ba4b511a5720b3bb1e9b8fc3b5ea13141f87
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lqL:W7ZhA7pApM21LOA1LOl6X

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1280) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DismountConnect.css.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe

C:\Users\Admin\AppData\Local\Temp\1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe
"C:\Users\Admin\AppData\Local\Temp\1fd3ffe2aa512ff84d6e51cf615c6a0efc99f38767dd4ac3b9e0f5bb43e85a3cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
34KB

MD5
94feedc190951c184a28453957bbe1f9

SHA1
c4cced9c7c6a3cfa411c5f0c9320c8ad35ce46a4

SHA256
6b2ef2fc716f13362e91bab3455b243d3e644d79e9dbd510a5b52aee873329a5

SHA512
42226ee2c82d4f7da574706e96fd1cd5fc7df875423291f5ea89307a69acb033dc0cfcdd368d1e190b32bbee39eb92f27df17888374fe47364240e4436d8bac7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
43KB

MD5
0344048ab35fc89dc8d7519c5a559327

SHA1
dc58682448ca30ceabc9ff11855e90d2c377bc23

SHA256
ea476cb4361b4934138c7927b96752daef963c63cc27b85fe7b49d4ff119ec87

SHA512
4a22d6c9c939a5d55410bba381bc0c866bd5b5d2120d87a1b2ee9b632ad5758ca925ffac15419f8afc03cd9e65691137fc517cfd2e139b65eab318f220df2056

Download Submit