e6e8a035b3eaf732074e4ddbc1959886d4bf418de2c0b9406aa53184c469b73f

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 01:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bbaf45725c54d378283cefaf698d8db0N.exe
Size

35KB
MD5

bbaf45725c54d378283cefaf698d8db0
SHA1

bee8337ab263d938ba44bf6b30ae7049061be06d
SHA256

e6e8a035b3eaf732074e4ddbc1959886d4bf418de2c0b9406aa53184c469b73f
SHA512

2e925faaa291cc6b851e6e73b5824088212167be1c5b500992f60a46fed61ba376cbcafdc521474271ab6c1b9be9c6ccf2c0a8cedc5d7d7cb1c891ec51c49157
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmni:W7BlpppARFbhknrSLmi

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3293) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	bbaf45725c54d378283cefaf698d8db0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	bbaf45725c54d378283cefaf698d8db0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bbaf45725c54d378283cefaf698d8db0N.exe

C:\Users\Admin\AppData\Local\Temp\bbaf45725c54d378283cefaf698d8db0N.exe
"C:\Users\Admin\AppData\Local\Temp\bbaf45725c54d378283cefaf698d8db0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
35KB

MD5
9638afff272fdd115ff70016bc9ffab9

SHA1
d6cd14c516be50351faa3d873a0da978250003a2

SHA256
10ce13255ee96a08eec55bc000f752f8c083933153e3279b3d30000ba7fb0375

SHA512
2843a69af57bc0a54b0721f22c37a866d8e6026a8bde62a1bf5c98793297f8c6aacc5d62ad7277c76952fac0543fc3ed197b5080aa219151651bc84ed81958d0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
44KB

MD5
04fc4aaca02ce3a030d3873114b3784f

SHA1
63d859853f20feda0153afbf2ec62e93ada8c9ff

SHA256
3659dabc46b064d8da007f75c46d82f3884ac637bd3c8c2f1d35de26779691ea

SHA512
926ddba01b407667d65e2a56600bf4653bdbfa203cb5184d7ed4a97e511fa9be1bfbdb9a1a89818a5910b9ebf124f28dea48d19614cd711c2e6dc58463e406dc

Download Submit