b5c5bb93ec8e1873024ed1ad0c535e8e957de18fc560f5300002e5d7bd3291a6

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

085a1c45db973f579d9c42fbfa347ec0N.exe
Size

52KB
MD5

085a1c45db973f579d9c42fbfa347ec0
SHA1

b3f1884ffa1430b296f861c5f8cce8b79c75012e
SHA256

b5c5bb93ec8e1873024ed1ad0c535e8e957de18fc560f5300002e5d7bd3291a6
SHA512

27d8b15f35a362e535df2ca671b45c28a55188169a34eb73362f5f969ea110a722f0daeca8bd62e39a2e2535d0a9ffa7d5cadffd7b301a409fd71cc5b6c81df8
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLsIFRD+Vy2L1IFRD+Vy2A:W7ZppApBULcfpHLcfpyDORfRJypCyp4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3859) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\setup.ini.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Microsoft.Ink.dll.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEODBCI.DLL.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\settings.js.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\RequestExport.mpeg3.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	085a1c45db973f579d9c42fbfa347ec0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	085a1c45db973f579d9c42fbfa347ec0N.exe

C:\Users\Admin\AppData\Local\Temp\085a1c45db973f579d9c42fbfa347ec0N.exe
"C:\Users\Admin\AppData\Local\Temp\085a1c45db973f579d9c42fbfa347ec0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
52KB

MD5
e8146723bf288d68cb1369d51c9ff780

SHA1
8ebda2879264b1e2d0f3629243ab0dfdf2a50e2b

SHA256
d3d4e7c8e791948dc2c46b510f6ed77757c81950103cb08dd79e40c922d536df

SHA512
82dfe4991ef1d661356fdd0a0b4261df1d9ea910f6968fd7edc2506ec4be54ce564f6852981eafc60ab50d5b44e0ccdd8f0c269f993bef26df425aba10446817

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
82be98bfed5b35c8b9f27e6624f0723c

SHA1
94b0551250d0d5cab963ba1a7201eda6044835be

SHA256
d1c2807394e441d592ceaaa64b7a42e5414669af84ffebcfc17f3befb21501d3

SHA512
bcd0f7ff880328032e77a892f224afc621d8337038b0cc89603e1d65bfa3009902ae94aac5ce6faed2530835f94a1923dbd4ea38af70b0d4a9dc91a74f618828

Download Submit