254f40e08e66e263c0b74504d5b66722479dbeb0beccfbb814df9ee70cec0fe0

Analysis

max time kernel
120s
max time network
24s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1bc2f714031ea6abc20da8197df6ca0N.exe
Size

99KB
MD5

b1bc2f714031ea6abc20da8197df6ca0
SHA1

66efda94508d7ff05cd24abf47a11ecf46988902
SHA256

254f40e08e66e263c0b74504d5b66722479dbeb0beccfbb814df9ee70cec0fe0
SHA512

767f1e65b0e02d3cee033d7a7c69600d628cd7d6d8c484e5ac7479c0c6b1684a40cd6ca72f3464153d6645411e149e00a469f6939bbf532665b1adcf8cba32cf
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQex2E5f:69WpQE0zUzXv

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2922) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	b1bc2f714031ea6abc20da8197df6ca0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b1bc2f714031ea6abc20da8197df6ca0N.exe

C:\Users\Admin\AppData\Local\Temp\b1bc2f714031ea6abc20da8197df6ca0N.exe
"C:\Users\Admin\AppData\Local\Temp\b1bc2f714031ea6abc20da8197df6ca0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
100KB

MD5
3a5fda1d04f71a96f401d18fc1b97818

SHA1
fa0712361c5306f75daa8bdb013ada89498b1dad

SHA256
a02f17d862536458f93c49891dff13e8315307a62bf8767e82c788e349ab33dc

SHA512
f066502974b315cdc131dfc40cbdf73c0b8ba67daf521bd937a9ca9d99ed78eea2dda2e514092071eb5e28a5b300fbcef8d1823dda5d6b0667ff97c24dcf5819

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
108KB

MD5
6b158307efd90ed04f4531643ce6811c

SHA1
ae437cf2e41576457b927a7efa9d0855e602b728

SHA256
742b0c6952ccc2b31052bb080ec8f9b000c7a97c081f3f79f26fbbe11436ea17

SHA512
7d54fa659107b928750c9afc53afed5fc163801838ba141005527dfb70f4893cbceddf6a01e4791666927c855cda109bd76ba4b7404635cd6877cd35e5533092

Download Submit