005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-08-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
Size

41KB
MD5

2a1ccf1bae51c4dc37b041c960a1b922
SHA1

866fcfe1e9a57394e453f583b4be237499d7ba50
SHA256

005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d
SHA512

953dbc4d08edeb36d85d01574407762621766d30d7119d51a62c1b12b327824a98a336a19a9f2823b53e14f72e5c694c2632f77ddd4fe5f1e6e575bf89358ba7
SSDEEP

384:GBt7Br5xjL7lAgA71Fbhvt3a5LZ7x5UR7x5U3:W7Blp9pARFbhaWTW3

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3784) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png.tmp	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe

C:\Users\Admin\AppData\Local\Temp\005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe
"C:\Users\Admin\AppData\Local\Temp\005bfa9ad0445307784e7697c5f96feead20750eedcf8539e8a7ca3801ed315d.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
41KB

MD5
77929eaf854d72c6b4dc32511208e656

SHA1
c3405983d41de9ef4dac87a6335a7baa43a54708

SHA256
f194ad9791b11d9776417b397a6df1ea2519546f97c82bcd5b5f5f5a8db7f87e

SHA512
7be4cfccc0d136656d4d39b35af77db353012416f12e7eb0b65d2f2ed60a3d594afc96459f9c1689c21c40324f414a5fe58aa224ae32c455bf348196de093ad6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
a3a73de7841ad312f0170fb48a3b7717

SHA1
3286d7d2f117bd70ef2df469d50f6841776ff609

SHA256
a1783478f41c776726f6b0c277985f074440c18afc6399a3857e693a42745faf

SHA512
581a0c5015900e593a69a8a7545751b5f2b1df5bb4a8fba7b7b676c8b855c82b6ac1209b6453562522301b8f0c040338595eaf2b9cd8ba7f1841f119a65a467e

Download Submit