8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946a

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
Size

53KB
MD5

abc51e193344e19b53946cdf04db61d0
SHA1

57593929dcdbb29c0cbe85908e61d9e1da259420
SHA256

8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946a
SHA512

fdde49f193845c5d46f4992fe2dc4ce404ba8cae73aeee86849dafbb23bd72327c17ccdb9998dd9deb9d24431dbc0c57d25af221570e6561e3de6397f7289058
SSDEEP

768:W7Blp+pARFbhBgnKL+8t8NZ/JytMJytvYFsKVlwN:W7Z+pAp2nKLQJytMJytvYRwN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3137) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\ConfirmStop.lnk.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe

C:\Users\Admin\AppData\Local\Temp\8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe
"C:\Users\Admin\AppData\Local\Temp\8bb455bfbfdc29e9d7af7ac5b1e135c55a5fb42ae11bd1f7c642282bade2946aN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
53KB

MD5
e39ab8b449c2e34b7ca2c69b94e28ad1

SHA1
545b538269fb1b7228dea4f07358d09a6b6fb45d

SHA256
01e4e592a466d7dc21bdf5150637d7c54ed4d97b2fa4fdd630ddb72c2f3b8ec1

SHA512
754d8470d36a645355620358a75e1ff0239a4c1fe2fe4ee661bab5eccda835bf8ea50044c8b52540f2366d5d714b3e816ec3c6bd9eb77dd9a06ffbedf6e3aeda

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
458aee12b2b333a6413095d2eb2f20f9

SHA1
6f089d393571a83ed80dd1cb57de90ac0ef74cf8

SHA256
ebdab33ca7de05a0bfbe7eafa7ed72bf3b224b4f837adccdc0d534609e75b0ab

SHA512
8ddba7eaaaad759fa8875eeb71c5d381ef5117b99e2fe4d2e833c2460e9aa8e1e9216ff3795e6ccad223e0d7faf32781df102afa9669ef3fed41bbc0285f05d2

Download Submit