55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514c

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
Size

47KB
MD5

1ca564ea5b4bad35f6ec2cd26f103150
SHA1

f7276d74a053fd0b8cb72773f3ec1ef321ffe1be
SHA256

55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514c
SHA512

744ffea6b239957e07eb6ad43c5650d39737f5cf9bd3d9ea57328a62318a35827554bec807142f2fa51026193b1df2b227ec86961085e61e1aada9a5b9f79bb2
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1itvtu0Da0DT:W7ZppApBULcfpHLcfpSo3fstvtu0Da0P

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe

C:\Users\Admin\AppData\Local\Temp\55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe
"C:\Users\Admin\AppData\Local\Temp\55ce9000304badb78409e6f0000e009e248efcc53fcf87e6ded7d596b4f2514cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
47KB

MD5
a320247b963e180b440fd0fe7ac1775e

SHA1
efea2e8ad850cb95d16dc21f47f5b1bde6c70cbe

SHA256
df567a10912dfd2f87db7c911fe2beff5127fc04e9a8e1d6b41ba2bae792c067

SHA512
f2c079620bdc48aebac25889c5fa485d512ffd27633fb59cf13cbc807a01cd059b1fcf33741a47da9a4da97525100a96154602e590c09fd81fd80af498df60da

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
9593dc41056e2822e49847b058f70148

SHA1
15fa8897d609ebb624de4f1390f6d9c3abc6f9bc

SHA256
d13b1ed0b1bdf14a16c9f8cc0e3809e917afe87b95b03de9942a4fe7c31d0aed

SHA512
264334dbb40d6b9b09780e9b432cd33a38a4d1b67a3a27c40ad934e2b944a36c14b3a5eb595ef07b8836f2e09435084ceff62074bafced959276af85985863ce

Download Submit