1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
Size

52KB
MD5

ff6ff155f94130bf420199c0c7b86680
SHA1

5f4217c3dfbb55ba3dabb86d8d59393ff9f341f1
SHA256

1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040
SHA512

8f6fa69731a4459eb111c014648b0790874a1c86a662e23e09cf3ed27bccf29f4289f53f83dfd92b617bd18aaeb6b88f7cf46f85616007270fcc84114ff88a44
SSDEEP

1536:W7ZppApBULcfpHLcfpSo3fstvtPYcUYc6eMa+QeMa+U:6pWpBwchcUtvtxeMa+QeMa+U

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3410) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe

C:\Users\Admin\AppData\Local\Temp\1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe
"C:\Users\Admin\AppData\Local\Temp\1d8afe76040d5fd52b2a9932ea949a56eac0c40deeb2694737aa828bcde2f040N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
53KB

MD5
d14dcffac972a58b6d8815d5ec27230e

SHA1
566f1cded067e720fd51b576f59abb88bed6da51

SHA256
775e3084f33683f456887448c5401662dcbeaf1120b07fa2c5fb0b389c75ff06

SHA512
5b1e683319be993b3a055030cb44fc8b2831ffb45e221f8bfdc60c52fb9797f6a71dd0759347dfdf162ff0848f435ee758addaa645a3bd4737a96dbc2aac184e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
2446a19c3168b372b61998f02226f25e

SHA1
cc246ddc85f7b7cd7c1dea7c79fd70c0fe2e69fd

SHA256
9dcd5b50564df5142594865237ccdcc86f5e61122f8efc5bf07ae0276f7bdd56

SHA512
b49357377a19ed27eaef23d44ff19d37647ad02e812b9bdabe9be09862080d2a308f1cdc6c35cd2e2d925d3c25d659050477ebceca4a86d47009ebe86b1a4b90

Download Submit