b362d57ce7c1740e95ea1d53302c2a5eef23b15ccd6cb6931b562ae0df5e12c8

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0f37840fd195c91cacaf09bebc96000N.exe
Size

69KB
MD5

b0f37840fd195c91cacaf09bebc96000
SHA1

7f1bb4d8d757af1bbe05c0834ca9d21375426b7d
SHA256

b362d57ce7c1740e95ea1d53302c2a5eef23b15ccd6cb6931b562ae0df5e12c8
SHA512

aa9a23221c8dc3c917b7dc337cee6911693692c27d5d1e32697050280c52ea8db299ec600bf11822b970a75d747979fb5ac1ddc580fb12f3bef8feccfa4f2424
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvniu:6NLWpCZIzjwHwd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3241) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\MountRepair.jpeg.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	b0f37840fd195c91cacaf09bebc96000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	b0f37840fd195c91cacaf09bebc96000N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0f37840fd195c91cacaf09bebc96000N.exe

C:\Users\Admin\AppData\Local\Temp\b0f37840fd195c91cacaf09bebc96000N.exe
"C:\Users\Admin\AppData\Local\Temp\b0f37840fd195c91cacaf09bebc96000N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
70KB

MD5
f2213c1d71ad12ac923f2c473561a951

SHA1
177ff85f01c88fb49ac1918037bce8dbcbbac81e

SHA256
97974ad7c7a2e3d2ceeff71f26fe54e6b0898029818c124f8888bbf645db04bb

SHA512
b05d5a7c244fcc3f5a9aed571de3eb22e807f041b3faf0779ea986b67002629ff66dd7e6cdf17e03c04fba353d7d5f0ea22314898ede2a4fff615d7968790cf5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
bdb90f87cd8e903b4113b396f6b87782

SHA1
71807b96cb249e2653704db26cd4c385379ac509

SHA256
82a935cfa076c043dbfda140b19c1435012e701ce3613bbd5c1de80886b94b1d

SHA512
0477148b62d0a3a2202a35fc6b53d7946c9e1c52fc5beb93c8841290263201adfe23f81ff65adfe7bac402700e11058c054b408e11ce413a00b7ec80f7fdfd2e

Download Submit