cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcb

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 20:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
Size

81KB
MD5

db42fb94b828dab6ae4fa94d499934b0
SHA1

60015db29b4ba6c87c0572779b709247daeb4613
SHA256

cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcb
SHA512

ffb04a333dc930de4deff36ea7b31afc63f1bd9d63676f2da0b88a19af61cd77866d5fee92b80e53a6f195d8786343b57eb41d1ed87cbb8a68170e75e2f1faf9
SSDEEP

1536:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSZWwhYWwhkN7lN76:6DWp7WBWwhYWwhqb2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3749) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPSideShowGadget.exe.mui.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe

C:\Users\Admin\AppData\Local\Temp\cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe
"C:\Users\Admin\AppData\Local\Temp\cd867bedc54ca53b35c56479a7d5f173012f9054c750a09a5bf6bf2f5b84ebcbN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
81KB

MD5
7227bde1ea755c94317866b9f6e017e1

SHA1
dab838c6eecc3644690b2eb1ec50e65448d8993e

SHA256
96a03e0c7fc2183e4d5d4875ee54943c21453bb4d0381ded3899bdceea961de9

SHA512
dfd3907772cb47fc202f40719e1ca86c23f25d6a6728ba2981af32737a923a39d29eb4c08bca0af2e06949ed948c0d9a581fc44e0dd8d1181201e06c19d487f2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
23af511c9f362215e296c876da79ecc2

SHA1
b15df1a5ea97de16048a707f57ed2b50c3589d46

SHA256
637e5441153a9b9e6e114c2c4ed1021baa25ac5efa21d06fb9605ad176accfeb

SHA512
fc9de1670bf4c32786426db6f8f09e7538b1fb4ace17d399ad0856bde2b4a21ce7016ab0275b546e8cc802141d3ccd85101af9e674e5153e3e581e0264efe556

Download Submit