db8046913a7a8a63fcb2766d5a0721c4541a9ed38a5607661a947bc6ef2df4c4

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b32e3bb50939d30c6da3a3cf42370490N.exe
Size

69KB
MD5

b32e3bb50939d30c6da3a3cf42370490
SHA1

083b57ce7c1b60b928e9c7a8accc47d0c7d86506
SHA256

db8046913a7a8a63fcb2766d5a0721c4541a9ed38a5607661a947bc6ef2df4c4
SHA512

93f423187baa43255546866c22236a51dfc9124e33c31e40f08f6d62f6304eb86d0d6dbd4c457712622bea80546fadffd0166ebc1f87b14f123b81ae7dd69565
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvu:6NLWpCZIzjwHwA

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3136) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\UnregisterExit.ogg.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	b32e3bb50939d30c6da3a3cf42370490N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b32e3bb50939d30c6da3a3cf42370490N.exe

C:\Users\Admin\AppData\Local\Temp\b32e3bb50939d30c6da3a3cf42370490N.exe
"C:\Users\Admin\AppData\Local\Temp\b32e3bb50939d30c6da3a3cf42370490N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
69KB

MD5
aaa7978e3cc5073887ef5b4bacce5081

SHA1
d4889170f83724f3161c82607a1fc0d38afaaf56

SHA256
2daa6ef9e34744f687a3784aa015fc43fdc3753f180b30156463f88d89ae9728

SHA512
bd515ff692e55cfb83165ad60231c0f57230908373b2f411fca3d2db4d320ceeffe4f113a8809964556fa5039649f724b62cb91d47360ce752f39426b13fa96e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
6e4d8a295289973038142c94b3388043

SHA1
d9bbbca833b51ca6531f4573872f6d3fcf98d4fa

SHA256
5975e0fcfc66ef8b4c4a3c1575c98c6e074e65e47270c1da5514842f8a5e7003

SHA512
749660b3f6c8b79adb3b1e45400307d88439f245b16cab16311527e47bdca898f5d9b5347c1bd3f3b3619476d8fe86b8fd1d09043e0291f2c4e6bc32d16d1a81

Download Submit