ed6b488515c0c27c4cf2a255c038754ee058ff912c0d5112c71ee12b88661ed3

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba3c16561b9c967b4f44380dfd8795a0N.exe
Size

39KB
MD5

ba3c16561b9c967b4f44380dfd8795a0
SHA1

dcf9ef12fbb388543ae09fc2259eea64f878c1d3
SHA256

ed6b488515c0c27c4cf2a255c038754ee058ff912c0d5112c71ee12b88661ed3
SHA512

6f7a52ade6b72e0352eec651f60ed141a18fb55f54a76df9c7dc4eaaa2b6e65b1f832b7b51aea567c13972a93fb650f4800a081aa4aadb0882f139589f2b5e76
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSn:W7ZhA7pApM21LOA1LOl6vSn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3261) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\ExpandSet.vsx.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	ba3c16561b9c967b4f44380dfd8795a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ba3c16561b9c967b4f44380dfd8795a0N.exe

C:\Users\Admin\AppData\Local\Temp\ba3c16561b9c967b4f44380dfd8795a0N.exe
"C:\Users\Admin\AppData\Local\Temp\ba3c16561b9c967b4f44380dfd8795a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
40KB

MD5
779aa47fc09a607f874b79501d2bd604

SHA1
070d59510994397bc8c0768149da4ce54b0d6a8e

SHA256
d88cb3b3908eda2aa651270d54793d4a885b35b8f90bf0a84e5dd9aecfed6c34

SHA512
272ef0f80e83fec0d1f9455a5e7c3b561f7ba5c6b5d2ce3d8e1b6eb8787d20a6508bf64df777990a4fde29ee5894c8ae6d4ed7dcc870990e0bc8b38fb6adc2c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
a38d72dc20f6607314e1647bfa20fe35

SHA1
ba3621e1c234ffb937906504324ed441b3961cfb

SHA256
de48445bb7ab84704e1b31a2241b9d7586f92aa58227f951cd635ce194e9402f

SHA512
70aa352303f664f98de8c39c9e064fe62994c27343544578da0c2981bc2b3293465beebc9813e3437c6dae96c4e8c0a4cc5fa8b659f760847320bd5c84c385f6

Download Submit