749c8e561987b7d5192af9f54f2f01c8bb4962b490605514a35e01ea2903b259

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
28-08-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bf55559dcb9e30887695ef1a04abb20N.exe
Size

41KB
MD5

2bf55559dcb9e30887695ef1a04abb20
SHA1

8077a1d239de3830edb4f30be450e5dbbf4e6aa8
SHA256

749c8e561987b7d5192af9f54f2f01c8bb4962b490605514a35e01ea2903b259
SHA512

65405520e3d414273ac1547627e15a2fea51ed4ac09c4bd4e11cf0139d2d1c88fb3da49790a9155bd97412b8459f8622631eeeb48ee5c25ba1848e9c791fcd45
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/Fzzwzl83/Cqy:/7BlpQpARFbhNII/C

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3258) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7z.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	2bf55559dcb9e30887695ef1a04abb20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2bf55559dcb9e30887695ef1a04abb20N.exe

C:\Users\Admin\AppData\Local\Temp\2bf55559dcb9e30887695ef1a04abb20N.exe
"C:\Users\Admin\AppData\Local\Temp\2bf55559dcb9e30887695ef1a04abb20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
42KB

MD5
d2d763a646b75bb6767b09e73065007a

SHA1
6028ef4a313806ef09634fd23f7eb8edb3579305

SHA256
9b055338440f4e0e34980c37f85190cec2261ae95003fdccb9a1c0fefc343249

SHA512
56dc6fe582626f4782a20127691158c87ac4d03e8076120769710c15449653910611690ec4e4fc5976dd497a29d50248b20c807804271e02d263e0418f334b14

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
31f6e17a71be6fcfcf0ad7288cc62292

SHA1
ced985c2300ac5d5c36cca495f4d4bd78410f53e

SHA256
48746c49e4b746a131348b03da850e2bf802159a999b6a4da4e7a8ed3b556c85

SHA512
96c4c81b708c388f2efdee6fddce9b6dee889dc490cd2e3e5804c316918470d292856529c02cb2e915abdd09ff0e7bf5990b6082982abd73e528160557b4d9f9

Download Submit
memory/2232-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2232-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download