df99e70373e1c8ce78062e7772134fb9829ef331c3fef0d32d4846305f92725e

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0e6852180b4e4c223fee6af7d072940N.exe
Size

54KB
MD5

b0e6852180b4e4c223fee6af7d072940
SHA1

ed8a5dd13321630d44311b853b388505db1ae1d2
SHA256

df99e70373e1c8ce78062e7772134fb9829ef331c3fef0d32d4846305f92725e
SHA512

1201403daf92110f4f4a2f18d320cef34c836999b8b392cd825f814d25e26f7cfa3088590426295e61d1103e8029437eb8dfd728ba99b9e2e3f9d89280917ec0
SSDEEP

768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nsK8WKnFIMK8WKnFI9:/7ZQpApmi6nsKNKnF3KNKnFg

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3247) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	b0e6852180b4e4c223fee6af7d072940N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	b0e6852180b4e4c223fee6af7d072940N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0e6852180b4e4c223fee6af7d072940N.exe

C:\Users\Admin\AppData\Local\Temp\b0e6852180b4e4c223fee6af7d072940N.exe
"C:\Users\Admin\AppData\Local\Temp\b0e6852180b4e4c223fee6af7d072940N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
54KB

MD5
ba4fd54ad69a032ac1c538cac7618e03

SHA1
4d393aa20ab2c190d958925d43f83d24989d4cf4

SHA256
fd467454a00f5a218f4578a86daa7f1cd57c264d9542a24bbc2ba28f095f9eb2

SHA512
bb398da687f6223525d2a833752139f3ff230bce89f600ee9e231a4000e18c7476e239b33af6db7b5d847468a49f5fb7cd5a1b30da8acdbda6819b501d80c7ec

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
632c3bc511ca601a27077ec7fefbfa48

SHA1
018d3aa6e8f4f477acab284860552b8704ddb45e

SHA256
5692014d75ff91c27bea77564fd667e0b3eaebbd1085ef01cb44c816b37e7838

SHA512
b917a65b3e4fd94e4ada6736eb84cd00d9c176793afd06d304ea5684a947ea21c0976d1dd0ee674bc3ece7fd80bc33b4cf7f9fb6428efe53573901f50440619b

Download Submit
memory/1368-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1368-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download