5e06a76b1d5d9200e84dfa1ff3a15acfd519963048389ef16d1467ad78b46cf3

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb57b88046f685da3c68e7afbf75f100N.exe
Size

47KB
MD5

cb57b88046f685da3c68e7afbf75f100
SHA1

d10465811704968b48a11b4e063fb9a4960425a1
SHA256

5e06a76b1d5d9200e84dfa1ff3a15acfd519963048389ef16d1467ad78b46cf3
SHA512

252c923d1261a0c53d7d5311e1b5c29130289060c4503b4d31cf95efe9c5546c3fb22650a1f53efcbddb94ce67c4d34f9a60914b6daa4cbbf6540bc448db99b2
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSxTHTo:W7ZhA7pApM21LOA1LOl6vS6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3277) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	cb57b88046f685da3c68e7afbf75f100N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	cb57b88046f685da3c68e7afbf75f100N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cb57b88046f685da3c68e7afbf75f100N.exe

C:\Users\Admin\AppData\Local\Temp\cb57b88046f685da3c68e7afbf75f100N.exe
"C:\Users\Admin\AppData\Local\Temp\cb57b88046f685da3c68e7afbf75f100N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
47KB

MD5
3a2f8a2c09bde6273f5ad5d2f1f4ae68

SHA1
41b6c809033e83fdc80dbc406b68895f1de96928

SHA256
754b1cdede7b8b0dd13bcaa63ad1a0f11bcf06511768f52e1b8c86c6f95d388f

SHA512
229ff51bbd0d466f8cb1d28df96e7c93b205caae42e45bd76f6c2b5c6025397e7fed51508527dfa5b3349e3145ca96e115d79611471f51894d5229572c62743f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
4e7c723826f703d1ab7b644f41e6d6f0

SHA1
fecc673e29fa511d4276c102815591d5657aef80

SHA256
b858fbf6a2636ad9989aa703154bedf6914aa4f21713b076bc33f57df6ffb737

SHA512
8720990beca466ed679042c822ba303f04630a614cdafac06f91dd7dcdea134d55092f1e4fc14bc013e4cf75318a5e98d43a4495a1113ed79beb0f2081b0cfbb

Download Submit