696abb3f22072d1a0a8f887cf042325d8436f3e8a3f2747573b45401482677d6

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0379eeab95ff97a5519c7563b6a42d0N.exe
Size

62KB
MD5

b0379eeab95ff97a5519c7563b6a42d0
SHA1

a0d44b28f072ae71ef458feda628331243e5f65e
SHA256

696abb3f22072d1a0a8f887cf042325d8436f3e8a3f2747573b45401482677d6
SHA512

03ba7ee6fcdbe9a7b260b30de4e591599c3e13fd0b45fc998c35404cbd59d50e08ce8b42095be9f342558109555d5041c46b98ca2a94069f6f48f63158b8082c
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwcJdkCKPuJdkCKPhSbF4SbFi:W7ZppApAJdkCKPuJdkCKPIpnpi

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3263) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	b0379eeab95ff97a5519c7563b6a42d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0379eeab95ff97a5519c7563b6a42d0N.exe

C:\Users\Admin\AppData\Local\Temp\b0379eeab95ff97a5519c7563b6a42d0N.exe
"C:\Users\Admin\AppData\Local\Temp\b0379eeab95ff97a5519c7563b6a42d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
62KB

MD5
cacfe00cbeda261432f7b353ac03f5b3

SHA1
d191c8adf458472a94f44dd237c1ac70c4495aef

SHA256
bffe93cdbc88866ef598fbd020870ab6437c617bb7cf3ebae2202cb854d646f4

SHA512
b0555437686230d4f2c0e1907892df6e4a3bba9319aac8788f788684e5d04c80b101504f7dd47799661f6947dd2ab4cc252022e535b8339411437a1192e23d6f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
85cce480f43ac4c6ecbc5fca14e9e228

SHA1
58ab6ce5c91acc695b06395b232b761699b74b64

SHA256
04f760f47c1a1f63ad5260b14eaf49348581b49386cf5d108b3fcb5761e96da9

SHA512
6970bbc2da46ade67c22b2dbcd0559306e9219e0e8dc3c381a9f61004bfc7f745ba3ec07b22e2ef619782e7b53e112d1d53bfbd308e351c99899f8583fd3ae51

Download Submit