b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2c

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
Size

55KB
MD5

91467d8e8dc3d2dc605e809d3be0bd00
SHA1

c9128fcd471f53ed5a926ef9c524de9032b563bb
SHA256

b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2c
SHA512

750516474397fb73a9b398cc05a2cfcd2a502c5a78adcf10192eecd59bb5183326ee3d291e407a5fa27b70ed20e11dea46e59c8235db39628a7115681b9979ea
SSDEEP

1536:W7ZppApBULcfpHLcfpyDA6Uh3tS+AtS+QZVLZV1:6pWpBwchcwDOZVLZV1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3218) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe

C:\Users\Admin\AppData\Local\Temp\b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe
"C:\Users\Admin\AppData\Local\Temp\b05f8c5552d76480c2967241ca029fe2f9c8bc87713b09b9ae7b454013695d2cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
56KB

MD5
a3e8800064b7c913a48f0156b36498a1

SHA1
fdffde37d3c475a749ee1d2d5f87c2755ac88d1a

SHA256
05e0f69c8a76b2c79449207038b1a8f35c7bf96d75b93a2c979dc69bc2cc06fc

SHA512
7a9aa6cabfd802557a3ceb97032f2474dd87742a57583b3abdd616ddad9ab52667132ce29d187095c314505565b87ce34a6b2793ded9d1cb0b85aca064d9c21a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
1436d52c6ac69833fb564e00313be0e7

SHA1
4d9e51648aedc0c2bab41de25a96c150ccdb4a3c

SHA256
e2cf4a7ffeaca3da041bad3ffc11c2e0b123a35f7dd3997b81827214c58ed0be

SHA512
185f1d58f6c35b7afc383bf72f0a3fc83e793f940941c6cd5220d86356e96973729a9f50608c3191da92a3bbad9d82f82411f9714f8f4a8b41f12d99f7e5533d

Download Submit