fae9747fba139d913505b1faa98bc04da6ab57ff4e47718aafa506ff00b1370b

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b95cd34e71920a0735d100eec88a5eb0N.exe
Size

81KB
MD5

b95cd34e71920a0735d100eec88a5eb0
SHA1

db4745747a481e4130683b3134d6b05aa4900fb1
SHA256

fae9747fba139d913505b1faa98bc04da6ab57ff4e47718aafa506ff00b1370b
SHA512

f6db80e24387b0f8d3e6168cd0e2312dd03e9ec6ddc3140049d3cb57653d500bd55bdea2ae79378537cf3dde01d3bf40348a020b937d9443d245c8c58ca1da26
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReH:W7ZDpApYbWj2WTWJe+e/qXhgb

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3146) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	b95cd34e71920a0735d100eec88a5eb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b95cd34e71920a0735d100eec88a5eb0N.exe

C:\Users\Admin\AppData\Local\Temp\b95cd34e71920a0735d100eec88a5eb0N.exe
"C:\Users\Admin\AppData\Local\Temp\b95cd34e71920a0735d100eec88a5eb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
82KB

MD5
7f40f3d445bad145dda9a97423a1bf32

SHA1
ddf983ea132e6bda8fa33bb0fc95c5fdd9bedd6b

SHA256
3354712f7ee00e2790aebd6dd618387dc775caed8fb4592768cffd0f514d3f5e

SHA512
b8f5abf6ce844a437d61ed1934598e73bcd70a635dc69c5a41f4d2dfed32404bbcac61e8e6f5e492791804957766d6ddb7bcb32f7366052fa572810ebb382a00

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
9ba574cb8b634d04f63379abf71ef4e1

SHA1
bc835e040ff4ba926a7c6c82d19b8789d06a7f00

SHA256
10c507580bbda4bfd014439840892a6fd6b9155ab41d24cf5b84406c4e68fcb6

SHA512
b321639141550d2cb78db0489412e180b06453c8ac9ad1fd22642a2dc7ecf96dba21bf320efb4435ea8f3d364f94c0034f47a316f8fa9e57de62f7f009d7016d

Download Submit