2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e

Analysis

max time kernel
149s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16/08/2024, 20:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
Size

50KB
MD5

d062273aa0f50e4f40100d95e56f73b6
SHA1

4104ae52251baa6df721bb007d5c4a0815a96c46
SHA256

2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e
SHA512

e3b4470930fbc5dd258e06f3e399c5bf012e26c78ba2cf16ab76db20ee14315a1fc4f25184b65c69983b04080e952f63fb0599e6e55fa38539187f2f14832dba
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0krDzgpQZ+zzgpQZ+e:W7ZppApkGpaI4e

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3701) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\flyout.css.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\ReadWait.zip.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe

C:\Users\Admin\AppData\Local\Temp\2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe
"C:\Users\Admin\AppData\Local\Temp\2b0ba1f4012af15b916aaa8616a1b94084cb10c17c53f30ad81eb8415439f08e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
51KB

MD5
ca54462f75e5f2144ce0a3974b42c9c1

SHA1
54b577f46b69d4ca87acff4c7d8a2634cfd374b0

SHA256
a9e4efda3392efb155ae9dfcbbd19df0da4b93687916d3c3331df4a779056802

SHA512
93a0abd66fbd4a0b3a4734808d428bb40a7bb966636378f9d05951b6d46b3c0f643836a8801909b4c53bf19fd07a668bb9f186d5b263ef2ccc8b678a3732072b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
ab81b892d67a58047b256159f27511a6

SHA1
d15302d35da3867f9708858f6af90cb92137b3c3

SHA256
677385023398eefb3d865f48f67e2b59de3ee19f1599034083d4e80a1cb86d17

SHA512
9bd9a5b4acb417fbefa2551878caeeb23badced68def4a7348ade680bd1c9c0e2a99cd457a15f6f74b470f3b4ec819421a8e4160cabea5891c5cb6c18ca8a6a9

Download Submit