41a59669ff9b1346d08fe57494fa23c68d02b446d0d78f406d2438badbb4b573

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd4af74e15862253c01973affabb72a0N.exe
Size

82KB
MD5

bd4af74e15862253c01973affabb72a0
SHA1

54ce17a44e99f70d279f156ab2f03fef10312813
SHA256

41a59669ff9b1346d08fe57494fa23c68d02b446d0d78f406d2438badbb4b573
SHA512

082a0b279b79fb4ad95d1066c62392b2b04abcd1deecdd2bbdc5166e7310c46a5801d55f205d78c17685dde1e48f99c2cc9bc3884e9057bae69a3aec02ff73d8
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmh1444REXBwzEXx:W7ZDpApYbWjIoPyPoLzV7c6Sh1XH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2859) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\SelectCheckpoint.exe.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	bd4af74e15862253c01973affabb72a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	bd4af74e15862253c01973affabb72a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bd4af74e15862253c01973affabb72a0N.exe

C:\Users\Admin\AppData\Local\Temp\bd4af74e15862253c01973affabb72a0N.exe
"C:\Users\Admin\AppData\Local\Temp\bd4af74e15862253c01973affabb72a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
82KB

MD5
3bf747f1bca6ad4ff7fc1f9453f178f2

SHA1
0ebedcf609b42b6bdb89ae08df2fc1da253248c8

SHA256
a1fb02f0a9cd160933f01394c596a78bf0e5e2997cc3cefba3a67c029293abd9

SHA512
0dc578bf89483f62e9729fedd239a779cdadf28c116e7f685cbd2d02e62877dfa868826391c7f56f68cb8bbd9941d80041975c3c826dedcdb547fdffd8fa41b9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
8cc1c3a69d0bd494d0ed3ad52af981b2

SHA1
f92db0ce146457d23f4a7cdb3dfba8ab45598806

SHA256
82baed3a4f610946d3249f4976084be8eea846b2d1ad4274d5a5a641985ebd08

SHA512
40f43888c1cf3ea3e27d11e9b7f15c7c9c0c98b21fe5df7cc98b6c3bdbc307a9f8ceb366c912eafec2bfaab7318d430dbcd755cfdd4482b148d5d11fbb1e2162

Download Submit