3e24b3d0ba5ee111066828a5f9de7c71e4bc077c534bcb0e6e2ed09653f507d3

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05b2ed8199aaaec54e067c6848bc4e90N.exe
Size

45KB
MD5

05b2ed8199aaaec54e067c6848bc4e90
SHA1

72a3dff2436697fcc5fd691c6bbee4704ef21864
SHA256

3e24b3d0ba5ee111066828a5f9de7c71e4bc077c534bcb0e6e2ed09653f507d3
SHA512

55daa0c202d2c73f1961789cae1de13b4ee8da398f1777994eb8bbfb25d6b88e613abfecabd5d1c7adb6996dbc7e4a3d97cc44cd143f75652ce79d8bc6faa23c
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9TE4Fq:W7ZppApyVyjVyJ9T2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3377) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\UseInstall.midi.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	05b2ed8199aaaec54e067c6848bc4e90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	05b2ed8199aaaec54e067c6848bc4e90N.exe

C:\Users\Admin\AppData\Local\Temp\05b2ed8199aaaec54e067c6848bc4e90N.exe
"C:\Users\Admin\AppData\Local\Temp\05b2ed8199aaaec54e067c6848bc4e90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
46KB

MD5
d3741a6cd856a9719c6c8b2bb81dd4cf

SHA1
bd630f73400c9dbca0888b241660f65099373dc5

SHA256
0623ab9bbcf6b4d3cb2eadb3f9841d952d6081433dcae4383299aff0b6fe378a

SHA512
27b1b6b2d50a5b1b1db974a72326460f58aa74cd1ad460a4e075a4ce9a409fd831858b91fb912650ee322de0d95c65e3526d3b59fccd6154f64fc6bed3135aa9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
3b6d76725f582e38f90b16d88bdaad68

SHA1
80cc48f888bd17f813d9a7f57224d42a4dd44758

SHA256
fa3c2df6c6f17b3bd86d4c44907b64263359198f9e6e1ea8182087f29ba2c21f

SHA512
afffccb214ff879af6bf1333f7dba59eb97ce0ef32720c934bc58d3cbf552f2ad77d2958705a8f1580fe6bea4767577a0913ab3808eae670197a42208f078ef2

Download Submit