550d0afa912c5573fa2382371988be84cc3d72d5410906894282c68d82042fd1

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5d0641c0a73cad3678edafec3bbf560N.exe
Size

39KB
MD5

b5d0641c0a73cad3678edafec3bbf560
SHA1

7dd99182228b07ecd052e2b3d61ebc6552e61d7b
SHA256

550d0afa912c5573fa2382371988be84cc3d72d5410906894282c68d82042fd1
SHA512

c1b8a8bbe87f3e4fd92d2cf7fb5bb7be2690b38fc78522c0ccdf622e09bade6b704fcee66f0c9cc2a28b4fc8f0b27564436aeaca329e9fd93e654b763b99dcf1
SSDEEP

384:GBt7Br5xjLvassAgA71FbhvYD/DggNNHpQKMNHpQKMFwS:W7Blp2sspARFbhVgNNHpQRNHpQRh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwdui.dll.mui.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	b5d0641c0a73cad3678edafec3bbf560N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5d0641c0a73cad3678edafec3bbf560N.exe

C:\Users\Admin\AppData\Local\Temp\b5d0641c0a73cad3678edafec3bbf560N.exe
"C:\Users\Admin\AppData\Local\Temp\b5d0641c0a73cad3678edafec3bbf560N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
40KB

MD5
13474f77439f71003ece092a612d416c

SHA1
8a822387e1b2201c3eb2c388eccb46773932804f

SHA256
6d81c0c7ccd3d2bc8ace90bda2fa4d124ca4d915b91622d23db57984a1233d4e

SHA512
28bcf237e3e23c58e7f30b8c97ec3aaf28ac98eb0f7035b37928575df77deb6ac4fd4c45dc6b350239ccd78a4b4ff70812d2d9df5dbd728b0a5cdd110de84d00

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
8336c60267336393c66ff8be2ab2688d

SHA1
215b7ca850837ce50a0007958b46c787f82a6981

SHA256
dcb5a48495daa9ecb23dddb0cd0fe326d3e4da0ad89224cb369b3d7e7fc11c0e

SHA512
a91e414e48149493eb69d87a7f3283e7b25f086d2679148ac1bbe21186a342b212e121b34e19b55fdfd9ba15da4d6243762608d4a93ab2217c57ae61e11a866e

Download Submit