0b8b97009c2c4da5f71e85daf6524723d555b130313178493ac6bdb1a38f25c3

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

705b2be48b2c398c80f195d1ffc72d90N.exe
Size

40KB
MD5

705b2be48b2c398c80f195d1ffc72d90
SHA1

8a0424a8ebd55cf8830ecbce7ba936783c732d67
SHA256

0b8b97009c2c4da5f71e85daf6524723d555b130313178493ac6bdb1a38f25c3
SHA512

ce40c56ae1a99684bb87f9145614e99652d42e9b692415d727c0b9b89a68c8aaae04f1d1a6c203b3e497c06441ff6aee3a26e65d63b0aa9e4ec456acf6985751
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1H:W7ZppApBULcfpHLcfpSo3fJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3297) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\SearchSwitch.mpp.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	705b2be48b2c398c80f195d1ffc72d90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	705b2be48b2c398c80f195d1ffc72d90N.exe

C:\Users\Admin\AppData\Local\Temp\705b2be48b2c398c80f195d1ffc72d90N.exe
"C:\Users\Admin\AppData\Local\Temp\705b2be48b2c398c80f195d1ffc72d90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
40KB

MD5
12b44f596ab92f5c04c092de790e6867

SHA1
df1f4d2698b3a397996112208915f95d526dd1b5

SHA256
ce3b5ca63294668095c4ffdb1bb3a9cf2af6c0ea3aac257968a8454001c1f747

SHA512
7a61ce6faaf8a0ad75f01a78d71c9611151572e0aa4946dc13afd6586f338806eb64c4a6d7d30e265112743561a804c7462bdaaeeb781486eb82013d98871393

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
a1af4215af20745d2ca206e5b2f7ba0b

SHA1
4526ded081604b3ca6794bb136036ebd018c846b

SHA256
e478fcfed9316788cb921d857bfafceb92c804cea9eb00a584e22fedb1811e69

SHA512
b9d7a73d2729c8ab6b1dbde0fe34c022615c3d49f7cb1ec80ce61bde90c951c81c4c18562b52cf416e931c8943f7ee8db15feb2e491ea856fb75e857caa44342

Download Submit