7964bab9c9f43fa75b9f34b4cebba6d72275899862e68c4afdb922b50d5124fb

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4e12fe7025717dbbd940ad94059e1f0N.exe
Size

81KB
MD5

b4e12fe7025717dbbd940ad94059e1f0
SHA1

260a1945447e4c228ccfa5991cd6049b111c4a1f
SHA256

7964bab9c9f43fa75b9f34b4cebba6d72275899862e68c4afdb922b50d5124fb
SHA512

0790ffe46c6e8c61246f11f3887cb14c47afbe83b3fc34af0f50bbf9fe192682bce85bfe24b98a94cc35a47bc0d04b8ce5c2ec591add4453c1f5e141c1efe11f
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8IZf2Xcqv+sO9M:6e76mQSo7Zf2X+sO9M

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3114) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\desktop.ini.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	b4e12fe7025717dbbd940ad94059e1f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b4e12fe7025717dbbd940ad94059e1f0N.exe

C:\Users\Admin\AppData\Local\Temp\b4e12fe7025717dbbd940ad94059e1f0N.exe
"C:\Users\Admin\AppData\Local\Temp\b4e12fe7025717dbbd940ad94059e1f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
81KB

MD5
42ecbae13516b405235362bb0fb13c60

SHA1
d78d080136417377b31f96885f7f4c6e61693ca1

SHA256
44390db49ba4da2b0c15c7670cb48745f1cce925c0fb4c945b736bb1d484d654

SHA512
5bf523540157ffe3dc02248384390dd674a19d41f0e5b2fe824a65bdd8c5b830c8632ea7c936d22bfc9a741b2032376fba3b3238c98c81223db1786cf0182d5f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
0ded014d90b2b3fec8c7e3dab910d998

SHA1
16e603733a74610cc07765749fd7399e5870f729

SHA256
918f8e4800806ec424e705691070481b057328e475bc17b2b2ae2c7dcab50b23

SHA512
154f53c45279622e33e5cf942ecf6c73997a65ed42db1cbffdce8b761b1bafd4d99112d305a0e77b486e32830e5a08f350609141ecba7e066f8e28c2d2abebf7

Download Submit