be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
Size

94KB
MD5

fdd889ca28313b525ef5593253cf9270
SHA1

f5dced140595bddfbc7c9f492038cda144cc8ef3
SHA256

be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354
SHA512

af8061fdaddaff4deeef20d7e5221b4bb163ed2e61f0def1b864c13e80ff7cef22c88eda541dc29d5981325583499239fa2c4742f039305334bab6e16899e21d
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWujodsodaNovTW+SPL+cycWAF689iladwEbdwEV:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL97

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2960) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe

C:\Users\Admin\AppData\Local\Temp\be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe
"C:\Users\Admin\AppData\Local\Temp\be446baf9921f26afee68b0a7ef47a204f7f4a2e9d9a8d85458b818b81fbf354N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
94KB

MD5
cfa4f7af49810d520797ca4e4c439205

SHA1
936abfacbe521acdf0e99eb0adc7aa64a5fa4274

SHA256
d57a8cca3e428d1e07ef16de6c8990c55755424d23feedeec86e31607a0315d9

SHA512
6b8831f2ca42ce63af5731227f210bf3834eee3b367266ee459147388f1dcc14da12aa2d828b3d955a784742e6dc4f47bb04d71646fbb48fe91f4aa501bb861e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
65bc3fb95077cc1b7cac65cdd052a60e

SHA1
1030f64518f857a7adf84c7ddddc2dd3a537c275

SHA256
9270a8fe8da18da8822a280267a7485ac1e19c24f2a74dfce073bea47fb392fa

SHA512
b2fe121c6e51571a0ff312bd13273a7c401aa34e16a19995322c94dcf79f6cc2b21a2d7a7b13fc9a09716a3f5cdfa3437fbf69f84bdfcf727afb430b2afe9fcf

Download Submit