4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
Size

50KB
MD5

5cff3143b8267682e383831055c8f624
SHA1

9d6706413dc952dafbc61fdaf11ff2d274702c24
SHA256

4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb
SHA512

1a74baf6ee32f1fe479462f894cfba2c1560aa4d8991efac6b574f78e7fee70b6627932843062ba0a498aa313162d221a53d739fd70accac9915f8fe21609ce0
SSDEEP

768:W7Blp+pARFbhBgnKLMWK9WKD2N2LSarSaAsE:W7Z+pAp2nKLRKIKqoLSarSaAsE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3656) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe

C:\Users\Admin\AppData\Local\Temp\4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe
"C:\Users\Admin\AppData\Local\Temp\4e7055bebe65f2b8123beea7a4cdf74ac7fbe8b71ef4a3d4f69b9522810ff8eb.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
50KB

MD5
4dd2ca818dae11692e313a0a994c2d6d

SHA1
6f2b3b75e3d1b6338af90f39702204589aefffe4

SHA256
282d081a9a148fdb5abb23e8263fc502ba9796a8e3558f6929f1419f1ee1e72a

SHA512
e390f5b3d9eab13556f89787765c8b5a44003e14025b91c09443a6ff9b83890de5689aaccce8827d685b11fd88957b65f83ecbd84d7f8a4164d19cab8cd7e3c2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
809f81c0f97f23d55cb59c1cca200e5a

SHA1
3698d02f184d48b653fd610544e699d2bd73468f

SHA256
cbef4c59dec2e30407ef8954514b810a97883684f31bc3e498af8662d0e0a3c8

SHA512
318f75271ca8a5597ce5ecd2ff50f807604804e604348d6ea38fd7eda466f584bd73bc6c8b9316a180f8939743b20d28352cbccc402863c4c7847da0bfd83144

Download Submit