b8ef13a9b3bccc13a0184f7b9e4847941b48f8020b260202e25a1da62847d9d4

Analysis

max time kernel
120s
max time network
21s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 21:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b42360c7d28dbe14a2df92bf0ac0f10N.exe
Size

68KB
MD5

0b42360c7d28dbe14a2df92bf0ac0f10
SHA1

e628715d0bbd98309a1aa4d36b9f7890e199915c
SHA256

b8ef13a9b3bccc13a0184f7b9e4847941b48f8020b260202e25a1da62847d9d4
SHA512

8655ef29ba082d7d48413af648bcfd13e6cabadb60db057591d63e72e9626d1b8e85febea3578ce8f319417dcf71c0d47a8f6bed15d974bc3783f51649d70e2d
SSDEEP

1536:W7ZhA7pApMNcH6gW4Wvs9s2cic8GhGvn8:6e7WpMNcK9vG1WJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3091) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	0b42360c7d28dbe14a2df92bf0ac0f10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b42360c7d28dbe14a2df92bf0ac0f10N.exe

C:\Users\Admin\AppData\Local\Temp\0b42360c7d28dbe14a2df92bf0ac0f10N.exe
"C:\Users\Admin\AppData\Local\Temp\0b42360c7d28dbe14a2df92bf0ac0f10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
68KB

MD5
470cbf229294c69f156099e5a8829e68

SHA1
dfa6e5efd569c1006963df72a9b02e4255c12e9c

SHA256
0abdc0739e1883a28c86f1b4456d8fd238c449a422afde49d736ca1a7ae14518

SHA512
18048e92cba7c703a087bd1621007df929544da2811c6599a7381107629908b228b1852d5a782924ac75d149f9a703c7f6b486b966adee7fbca5f25ff4b346b9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
4fad601f249ea04d55c453dd96e6fe18

SHA1
eb290bebeb4a0bc608ba79fe7ff7578ba394e878

SHA256
3b748c55cfd8552f869176fb049c612439bbaafa9362c36fa9bf1485aa68cc86

SHA512
cf8c684d6fdf4767e780b8881a3ffc1e89ea7617a4403119c4d6d18f078bba33c48f2d07a2b78c24d446a63dcf2ccc5c4ead03260160867ae8df52dbb0bd018e

Download Submit