31bd6d94206fda41ef227a6c2ec6ea3e5ec8f8e18eed311e2a9658228279a7d9

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 22:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b54e24e76770413947186da0bd745820N.exe
Size

46KB
MD5

b54e24e76770413947186da0bd745820
SHA1

a043c188154962901487bf7dfd3b8c69da11e0b0
SHA256

31bd6d94206fda41ef227a6c2ec6ea3e5ec8f8e18eed311e2a9658228279a7d9
SHA512

48ea648c65f4889ee3e0ea518c871ae49709d3301cf1cc44479bd148882336a733d28d82565c4be258ffafba990b7ad540a2a1afdbe3a77fe3700ff96f31dc31
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyumxubmxui:W7ZppApyVyjVyumxubmxui

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3273) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\TraceDeny.zip.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\UnblockSelect.jpg.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	b54e24e76770413947186da0bd745820N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	b54e24e76770413947186da0bd745820N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b54e24e76770413947186da0bd745820N.exe

C:\Users\Admin\AppData\Local\Temp\b54e24e76770413947186da0bd745820N.exe
"C:\Users\Admin\AppData\Local\Temp\b54e24e76770413947186da0bd745820N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
47KB

MD5
f6510fb118288a6209e09df51b0b1981

SHA1
1284d960239ff3252dd39bda6bce0ef7f63c5849

SHA256
e7768a80e6c82eb64a5dbb251029fcb409732a7e6c33d04ed0b1d8d5839eb51a

SHA512
0e41dd3273f091842428ea0ca7062d97c7840538bd73a4793ada8205a264672699e3825cb322fba704282b408bf653ee9bfe9c99a1668d3e55d3d99377b61676

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
da55e7d7bfad7f74c74dd7966ad32ee0

SHA1
0b8a4795605c595ce61bb5982b3cb935b032b84a

SHA256
29dba70039e8dadcf921fb2a008e84d2b988deab4f2da80d75a4ebca531b1220

SHA512
3ed2f9816e4894415b32e89a6c3c1f8165aaad8ae09c1dc05dc3fd35370efbf089cf728a650318e5ff87891610b3908b0529480826e447daca0879168907f038

Download Submit