b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-08-2024 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
Size

45KB
MD5

86b646495f842f55298cec9223feef6d
SHA1

3af4e40a763cd27632906e45591508ec5938ed38
SHA256

b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf
SHA512

9ee68a7b0b13122e02cd82d0eb311817f9a4372d32db57964f858899466bacb8068fe3e7c41a1438d0d369a59064bf217788953eaa288dbbcbc447ed50ede6a3
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSccy/Gum/GuZ:W7ZhA7pApM21LOA1LOl6vSccd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe

C:\Users\Admin\AppData\Local\Temp\b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe
"C:\Users\Admin\AppData\Local\Temp\b36d74edef9f83e84c3cdd1f6ebdf06f8841278614fdaed42b66cfffc6fbc0bf.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
45KB

MD5
ed084a8193fa5c97f9fb1aad4f3c09b4

SHA1
c542fae497a73fc78528e1c5ad0930c61008e94b

SHA256
df267831be3952c8ab41bc22447dad7f1e6c0545c3e6845939498035c339eda9

SHA512
5691fd9065af9eb5e7beb35487b51dbff4e360bd6e9a5728811d07750f488bbc4378fa1f728eed78c5ce95cc5c8ade042e88ff11d345598e2953cb2e7987f282

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
5514a0e7875f8cbb414ae076f94abd98

SHA1
d34e6d0b75b42dfefbcc8a23ce21a3b742f66be3

SHA256
048ba1b6e1eeffedd4f79480647b601160228698edb566b499944f7187aa6411

SHA512
96b03c0da189a94d5abdc770195eaf6223f548316d5ce538985fb34b285122b7de9dd89181cba583e1c7f91e5da0c9ab4a40fa453c339f479bb81e5a7c5b002e

Download Submit