155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37fa

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
Size

52KB
MD5

37b65f86aba2dab93dfab47817eeb270
SHA1

37d994fc2af4770d74ad80126dce4faf2c604a21
SHA256

155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37fa
SHA512

932106594abba02e909e07c278864823b039b46547adfd1303b84bfe79983ca2c45c5ec66f6d91218979beba89e6cd358613ae91984d1f0879f66b6a3635c7b5
SSDEEP

384:yBs7Br5xjL8AgA71Fbhva4S04Shk5c5iZGba14:/7BlpQpARFbhS101hk5c5iZGbJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\settings.css.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipres.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe

C:\Users\Admin\AppData\Local\Temp\155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe
"C:\Users\Admin\AppData\Local\Temp\155af7e68c9240026fe4db7deed2611c6d5641641f8d295ca1565eb4718c37faN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
53KB

MD5
11b067c20b91787ac252e0cddbf6169a

SHA1
f507c70cc2563bf40b248d1692f6e78002c5664f

SHA256
bdf153f21248cb9818a10d7342867c22c234b4360e6930555e75c838b4a354cc

SHA512
96a6da9a1fa403fca077a686fc24d8c4a6f7dc6a6fd71e3e5a7528780a6eeddbcf31fbef4266b1996a6ce521d0ac0814761e71382bea6aff1c2fb4e758c9cc4a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
630e70556e419f0c8101d820ba7ab4fc

SHA1
1b5dfd1f0306592abd45b47aca799d41eb105402

SHA256
e4172b3819a985ad3ce89c1380296f17111147ceec57b770d3d280ce2778ac5a

SHA512
212e40ac9c6700b0aa49cf74040788baaa367f5b57cff20377424a4ae32fdd3e14ade6700e23f36d92d30e37bea123403b7515302b6a14bd5b4e95d68286d60e

Download Submit
memory/1908-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1908-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download