b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
Size

48KB
MD5

0e4bc37a74d85522b9fb2cc888759da1
SHA1

348927d94b70b1cb251d2d232a053c0a241a8bb9
SHA256

b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f
SHA512

72954851f2eb92610220aaf09a237105e437370989fbd87e8fc53ed6ba7d974158b059c37a75b99080f73a33eaaeffe08d1f241ce5d718294e564729979eac22
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLe:W7ZppApBULcfpHLcfpyDx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3772) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\mip.exe.mui.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Media Player\WMPDMCCore.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe

C:\Users\Admin\AppData\Local\Temp\b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe
"C:\Users\Admin\AppData\Local\Temp\b65bd8ad2117598f47808cdfa2daff1897e706119055db2ee36a2f34e54f8f3f.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
48KB

MD5
9ec24f21a35ad44f5a67b12ce79884be

SHA1
b5dc77a49272ada1f9cc2339c6c332f3e0cfce78

SHA256
da1f6f48aab50b08e520b036ed80a7d76f5beda4abecaf085c96688f6a1488b0

SHA512
74eded11de660a89612aed4f24e132f2f13e98e4e694010562bbe762181559b812208cc5f14257f85cb425263f251ee8fb27da78cc39f5cc54e9c7826600e1e5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
bb7050e94f57b41af84a63713d1e7e54

SHA1
74e765b8b94805076d9fbf14e4c31746fc06d7dd

SHA256
7c398c7f5a0faf615895001732b03d7e1945b24f2fbacc890c3915cd8c13d851

SHA512
7543f16ab7afe859c8f20fc2592e378547845bfc587b7f9dd9ba2186859148a4dfa749eca440d58e5144017c7a59401e8def6247d75f9611d57ede6c668b8361

Download Submit