80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
Size

69KB
MD5

23f086d1cd5ae7b35a074bfb64ba17a3
SHA1

a1b0da629997b9d0490ee4e2e2f0c98035aeff64
SHA256

80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f
SHA512

b1066db9781ac0f7254ab3046c9a844f39502694adffbb9310fcc558f5ab1bf9170be8f9ab785d5002a4ffdddccd8df22d1da12a3116cf6fc83ac47960fff766
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwcJdkCKPuJdkCKPv:W7ZppApAJdkCKPuJdkCKPv

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3735) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\localizedSettings.css.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.PNG.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Mail\wab.exe.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\RSSFeeds.js.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe

C:\Users\Admin\AppData\Local\Temp\80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe
"C:\Users\Admin\AppData\Local\Temp\80b3ea347187d5f758e36d33dbd441a7cf25ba36ca51f614f8c1b50e810ee41f.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
69KB

MD5
945d6c4132ba3a0c77011743cdf126e5

SHA1
e592f2ead61306f9e283ffea87488b8e639e4656

SHA256
63ac43033addf333a68a116161432ba8c5e0335ec5df2a20dd1dda42218fc13d

SHA512
394468e7ef843b3aac0250cf310b257932e40e6ed9406cc51eebe560a33e309ebdc92662e0ad7a4bf31e3275ea24629546a65239febed4994b287a7e08ba3553

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
1f15e4e228e4e4a67c68208fe9ea5e59

SHA1
53f871fcf3769370e814e21e8e94166d7ade4d49

SHA256
3231772d2d9ec7a4ec728a0f34205fba8f5cb33729f0dfa9598f639b428e2a20

SHA512
743c6b6553ce339fcfc53b246fa3c55851c5f98e1e3d70637c13b104327ac2e0da21736a4bdc0da9b19f9f9e4a13bb074623e6333cc1d9b02c047d282911f2c6

Download Submit