048b4c98c915f6380adf17510c71b9a1891bc2c3ee66236274aab40bdfce9ca5

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85b068e6abff0df5b067373be8ec0cc0N.exe
Size

44KB
MD5

85b068e6abff0df5b067373be8ec0cc0
SHA1

0b4a237173b52bc0961fe46e54e942666f67c64f
SHA256

048b4c98c915f6380adf17510c71b9a1891bc2c3ee66236274aab40bdfce9ca5
SHA512

7797e4f54c8bd642d44a8d20f8ca29e0cd2103210999658324233f406f57ac3d7efd51120087014da48d8cc390e3afe355ccef0b989fe663bd4e96076d489f4d
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJL6:W7ZppApBULcfpHLcfpyDF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	85b068e6abff0df5b067373be8ec0cc0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	85b068e6abff0df5b067373be8ec0cc0N.exe

C:\Users\Admin\AppData\Local\Temp\85b068e6abff0df5b067373be8ec0cc0N.exe
"C:\Users\Admin\AppData\Local\Temp\85b068e6abff0df5b067373be8ec0cc0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
44KB

MD5
43391ba4ac29e7d9bca6fbca1c5303c5

SHA1
59808e5f9300163f366db3fbb63dfba01a76ac85

SHA256
2afa1b23f9887fb8b6bf32f31581d866932513e8ed48b147ff37b12f148594e3

SHA512
4df4030456b00f4b5e9e317cba8431911d1d7d7891b090dbcf25fc56e5bd5cd8735d01269d9a2f106d99cccf5d54c629aff3299ce8018ecad373a72a69241abf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
78da18583a1badea24f6815b7f63484c

SHA1
9a3642ed76de0a193e44136b426134beef4d6282

SHA256
9e605993fd81de9b84b3737cd5e6889df1a8472013bc43b2bb937bdf4bfff6ea

SHA512
cd3c6444e6dc1f6bb3bdafbe0dc35894ca0539a7aa892820204cb16b3f67d6a71b277ffbf9fd23be3543d55ecc1a71c945f76b4ecb63071bbdcbed596ce42abd

Download Submit