b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
Size

112KB
MD5

2b7183d3f362ffcb27cc67e8562207b7
SHA1

72e82fafe4752431967a946bf44d2023c92adcd1
SHA256

b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a
SHA512

79aed9426423e09894a74fdc46ff56e9f81ad8ed5a6ba254a9fd59432e3b17c73cd7390745f57ecd5d31639cee06816a677e00f73b50ef619201d6d2822b1549
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzB:RqlIyFESWu0SWuGSV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe

C:\Users\Admin\AppData\Local\Temp\b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe
"C:\Users\Admin\AppData\Local\Temp\b2a4567e84045851be87ed1b0a4f7b13e4b4ec73e38c89df0b9333d9ce2fb78a.exe"
1⤵
- Drops file in Program Files directory
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
112KB

MD5
94ba07806b472a5ab7096babe6c07bfd

SHA1
36d789701eb7cf9b1fbc0f619224695461149085

SHA256
a6b7477822985b7dce200c383fd246d2b06b1dd16b8a82293fdbb69fd19b34a4

SHA512
878a56783432ffbc293f48257d9ac66577d803b07237c4c6d85b9cd23c5e646fc00f4e0d67dbc43ba753256bb02c096e596dbd777a589f531e387c39d8fa10dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
121KB

MD5
08c61854b871ee86f36fef6a7eb85d4e

SHA1
60bd59062a80ef73ac19051e8b50a355cde9ce4b

SHA256
998d57ef6c753b4aaedac812e32e6a3dc7de5a4497ec6548d670c9e8406184af

SHA512
6caad92ee74e60c07354748925193e88f274bb913cf03816463554855c9ea5a438496491d64a1d8590877e092e986572a3fe90391fd861c5fa369e50d03b2cbf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads