97a392f6aa03c518d3e81c3da4f1b8540d32fddbb8122f82257e20dcd88fc818

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0c85c32c74151c2ca025d4fd81a4240N.exe
Size

42KB
MD5

b0c85c32c74151c2ca025d4fd81a4240
SHA1

65b70a5a7116e1ff90142b17d701c0484f5552ea
SHA256

97a392f6aa03c518d3e81c3da4f1b8540d32fddbb8122f82257e20dcd88fc818
SHA512

9f9f1b2be939b0e482bf922e4a7f6e0d58d599ccfd9e828d4c70cac6ed7571ace4ce89cf4913bf6ced4192196085f1ca44042b8092f0ec196d5f2b0d9c99a5bd
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvZ11F1NE7/Ez:W7BlpppARFbhjbhT1F1D

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	b0c85c32c74151c2ca025d4fd81a4240N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0c85c32c74151c2ca025d4fd81a4240N.exe

C:\Users\Admin\AppData\Local\Temp\b0c85c32c74151c2ca025d4fd81a4240N.exe
"C:\Users\Admin\AppData\Local\Temp\b0c85c32c74151c2ca025d4fd81a4240N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
42KB

MD5
0e392b165a96ec321c7311ed6e9df52d

SHA1
91dbb08d245f269494f387243f7861fd2b851539

SHA256
c7253959ef744623cf518dacb7510169761a50eac2996d4334a4d494b60773e6

SHA512
3c0a57bf322db742515a2366e9dcfd8422b2396eac175e86521a7ea51752320b4e33984f40eaf6fdad94cac622ce788cd2b690211365ef196628bf9a3c017afc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
1def35673624302daa4e070355f0fa3e

SHA1
e62343d34fecf1982e10d6e0c08a4514c3ced998

SHA256
38b18531a5b16bca2f093466360b7332655e57a0a78991bcfe54e3db16788fb0

SHA512
1281dacb3d76ffa4ce34c4eb2e76ba1f2af9eebf71658cd2e6e3a088926d3b87f7503d68bb5f8a1e60915ecf0a8f549587adea184b9b449573c3c02566217ef1

Download Submit