de047c5cf8031ead099a0643a342c056ff07469cb56b8c58ff3044a37657484c

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b095a141fbf2f24dd91a78e3ce46d7f0N.exe
Size

49KB
MD5

b095a141fbf2f24dd91a78e3ce46d7f0
SHA1

135d1efc233e155cd2c697fea07a6637973a6c86
SHA256

de047c5cf8031ead099a0643a342c056ff07469cb56b8c58ff3044a37657484c
SHA512

8c369fa5173a7c8cfe7aa669e5d47f7416846baf0f39e7db725c0a48d618ed969097ccbc9690d0b93e1ab7c649673da3ff542ce4c33374380e48781ba66be0a2
SSDEEP

1536:W7ZppApBULcfpHLcfpyDoAQeLeAeLeJ0HJPWyPRsJPWyPRP:6pWpBwchcwD+hmh1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	b095a141fbf2f24dd91a78e3ce46d7f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b095a141fbf2f24dd91a78e3ce46d7f0N.exe

C:\Users\Admin\AppData\Local\Temp\b095a141fbf2f24dd91a78e3ce46d7f0N.exe
"C:\Users\Admin\AppData\Local\Temp\b095a141fbf2f24dd91a78e3ce46d7f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
50KB

MD5
cc138fa0347194139c9ee37b956ecb93

SHA1
7f67c74cfc26bdb8ccfca979f2ecd726aeeec4e0

SHA256
992bfd5f69d51311e3625fd48345824337e99867a4d3fb4a1eced2b4f57da0fe

SHA512
f37334465326be97950d8239bafd2a3d77c989ab5effca80985fb53228cdba86320a7c461d5af68eb9ac9305a679b4dedf4bd22c0618260b2751df121fb3ef2d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
ad4ccbbe6d414f5fcbaefdc59d7af4d1

SHA1
c7028641a9ef598d23d7e9f6203ddd8d16afc1d4

SHA256
9a5e78f0ab17e07c0370f265cbef993a59822d0317b7bea0f09c61172c97ecc0

SHA512
62193abfbb026e231266d9c3fd7f6f31c40fdad2309c8e636f34f93f1a3a0b01003abaf1111395eed6fd40c1c78669e76c6aa6a7c5f40c8ec5518acf6f60b4f1

Download Submit