0544722bc2d2891ac46086e9f03f2fce7d1b03a920697cefdc1a150d7c9a9e63

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3fce07af953035a7cc2b69b0c145540N.exe
Size

44KB
MD5

b3fce07af953035a7cc2b69b0c145540
SHA1

dd155904267ed9746cc5dc679291e6cee9bebd3b
SHA256

0544722bc2d2891ac46086e9f03f2fce7d1b03a920697cefdc1a150d7c9a9e63
SHA512

f0102eddf9228d35303c191be2a0ed37d35613f356a22eba2667f7e9d57b979b8e5933108ecb65bd8eaa546796999ca2b320a8866906c2e90b56bd88ca8e3b05
SSDEEP

768:/7BlpQpARFbhJ/lBEKxVTLJtxoVz8zJUDrYYaCusjLBEKxVTLJtxoVz8zJUDrYYA:/7ZQpApdEKxVTLJtxoVz8FUDrYYaCus3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3287) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	b3fce07af953035a7cc2b69b0c145540N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	b3fce07af953035a7cc2b69b0c145540N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b3fce07af953035a7cc2b69b0c145540N.exe

C:\Users\Admin\AppData\Local\Temp\b3fce07af953035a7cc2b69b0c145540N.exe
"C:\Users\Admin\AppData\Local\Temp\b3fce07af953035a7cc2b69b0c145540N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
44KB

MD5
e5801c9f1ce66089af3cb30beb584906

SHA1
c16dbb673c5a42eb8cef8a60d04cab0104ec7152

SHA256
2454b00757e9009a8be7cf11eecdab1de7c142b7bd95d023a11538e292978ee3

SHA512
4db0dd723fc8284ffbf04a69fbaa893b9b1e778b930e9a28ea79603bdc437a71acd2fbc8cffc7abdee95ed56a2f8633cc402032a41fde7551f28a676f0f0332b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
640962effef5793448df4ad449ece93e

SHA1
3694563586a22fb3a79e49cd519dd95baee6bbdd

SHA256
12bc7ad29587e015e1159979d269686070ec1bab5819cb44093e4e6798196d59

SHA512
abaabc49ee9701ddaec9b7c82d82ff0b6f6619a3d22097f5d6f20f4c97ba9601ef240e665d1ed3e1ab324f4b1592059956a363a60b12b2a9840e7fab0b862e0f

Download Submit
memory/1968-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1968-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download