55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/08/2024, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
Size

55KB
MD5

225360c3082f173166671a483be3b1cf
SHA1

d5eee5829f8eb0d48742117c867a6302b824c517
SHA256

55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34
SHA512

2cba619212d7a3ea94778dfa5ac1e1f8d2d13312dd9a130a4036c6a047207bf94a83f0331ec09089ed73d7d81ced1ab93f9187361f9527d8410f854b907a5860
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/I:W7ZppApBULcfpHLcfpX2/Nw/Nwmx7

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3784) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe

C:\Users\Admin\AppData\Local\Temp\55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe
"C:\Users\Admin\AppData\Local\Temp\55bbdd1ea10c2b8042c1807dadf1b323d78505bfffe6d94bbf86bcfbdf930c34.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
56KB

MD5
4fedf8a2a2d099a3f439c95c79814cca

SHA1
29618ad94ec4786afb1fa5adcbac7dc5d94548c7

SHA256
ae5a07fc69c7a4345ce5abf34c7f6dd4f43165b816106ede5abe359a7ff4a03e

SHA512
4dd876fb651c0778ac45f2f2de618c58fbcee95189c590dcc88e127a036c4de258db4f4b57b67f3328e6a0d318ad20e9d96bac54684e46b593484072862837e4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
25f2137fa5f9afea5d28c1935fc4dc1d

SHA1
f3399daec5f91dc6d759bace44b2e583e318f0cf

SHA256
7f531f728df413d9ca8f7b0d05ec52e01396b2b874d45093171b1e48a2e07a4a

SHA512
f9e1eb92a7bb87683e6ba3ae515d277fb771a08ff2fbbd90e3e726746c05fbfa275d9de8661c65762d2660d58181701764dcb026d8224f32d48f07f7a457a7e0

Download Submit