b9fbbc9619697dbbe86d020585209e1d848d9439523ae48bae91655c1d9e3396

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfb2a37bd75bda8f84352365e6806c90N.exe
Size

201KB
MD5

dfb2a37bd75bda8f84352365e6806c90
SHA1

fe60a934c05556f9b6549666b0f2aedd0c091ce9
SHA256

b9fbbc9619697dbbe86d020585209e1d848d9439523ae48bae91655c1d9e3396
SHA512

f59049fa3910dc2df4b0224019bb30573b9bd944250cea02fd835cc4a95ba8d400a433fd14e9314da2cddb29ee387e9bc272189c6c36bf62ef17f7886131ffa5
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzki:RqKB+tOkWKR0iJ0lTzki

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2643) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	dfb2a37bd75bda8f84352365e6806c90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dfb2a37bd75bda8f84352365e6806c90N.exe

C:\Users\Admin\AppData\Local\Temp\dfb2a37bd75bda8f84352365e6806c90N.exe
"C:\Users\Admin\AppData\Local\Temp\dfb2a37bd75bda8f84352365e6806c90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
201KB

MD5
df4e8d66633f9a46a0c4ae6db91ebda3

SHA1
e7da953b97dfd8924894fa44037484d567e6d5a8

SHA256
d9c7784d98187f7417e3df5a51cb700caa28f36fe2a0c0dfaf91e2a5efa3290c

SHA512
49c29d433b773baac7f7e0effd9e3f6337dc7f289bc7776cd96f3b7dd8e7cd204ae393e2a49387095408884f5248c0d70727376278f55f1d212e94d2dc8349e0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
210KB

MD5
be11e2fe53943752c785d1aaca3f5b57

SHA1
3d977e04bcb5b58c614b958e78531730117f26b3

SHA256
8435ac0947c9fe392be0d4a2969b4b88fa6aa93452f1f85694fffda93709c6e8

SHA512
58ed24eccc8812b7195be4c3e95e60a74042542bb25aeba9f29f1e63524c19919abdb77487a5394f4fb2be604b7395cbecffcc389e37bc913cc8b02d54876013

Download Submit