96a37f4ce251e101a2166e35e7986a4a8c83d1249b11d9c7ef038cf893b64c2c

Analysis

max time kernel
119s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 17:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7462c9a6267be44659af93f16db6170N.exe
Size

58KB
MD5

b7462c9a6267be44659af93f16db6170
SHA1

b3a4928f6280a52b44d8547e83fcb6584ba6ee30
SHA256

96a37f4ce251e101a2166e35e7986a4a8c83d1249b11d9c7ef038cf893b64c2c
SHA512

1c718164c739e9c1e275a2b820c36d397465d3d2673618e1bd5ed0ec5b13728d0e0fc5f514a3c0366e93a634963d41de1512fe91e6b03e28b4a38cf662638797
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFdqRHR0UkU1o5fOiJu6OiJfo5fOiJu6OiJiPjBvXO:W7ZNLpApCZuvIYXqRHRiePertvXtvk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	b7462c9a6267be44659af93f16db6170N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	b7462c9a6267be44659af93f16db6170N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b7462c9a6267be44659af93f16db6170N.exe

C:\Users\Admin\AppData\Local\Temp\b7462c9a6267be44659af93f16db6170N.exe
"C:\Users\Admin\AppData\Local\Temp\b7462c9a6267be44659af93f16db6170N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
58KB

MD5
f5e0154bf261581f8c28c799708038ff

SHA1
31ef8e2b0999d989783b12913ef1c8f5db8aef55

SHA256
661b25f95f3d5357d6d5ca2945553a87c33be6fa3ea69207e4af1abd233ed790

SHA512
b1fc4a563d5f58ec7f0ff4498c6fd14ae90a12fe5279207099c1c97385bf7af8a5c7d4a407f9e80b18dbdb5d8768695d5292cdb85a7bb29b11fbecbd98815796

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
74b739cb195874bf6bbdc3a174e47be3

SHA1
f13f151c6a3cb37451031dc2ca1dcc5e497dcc89

SHA256
e8804b4d1a2624a76a2ce7f49a4a8c1d401e50e0f7b4636241a0eae1a1836bc9

SHA512
2851ee8f9eb51f4b47b0a7566cf506247b8ad9254113e4b138d21d116da61f794bda8b30cbb2e5274742efe82cf78decace5bbba896b8048c2a7aa763233ccc4

Download Submit