2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32

Analysis

max time kernel
119s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
Size

61KB
MD5

f3e7fb285b3d0c7b0d8e03e71f099e40
SHA1

c6cb12d5f54acfe41fe9e5188828a650a4302f11
SHA256

2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32
SHA512

9ddeb90822c40735976a49672e23fa0d365ce53d2c9c194eba7411f239a8d8b53b322c996658adbae10f503b23a63250fda16d52a947fdc92d1ebf3beda95629
SSDEEP

1536:W7ZrpApojswv0EhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsoo:6rWpcsHEhLfyBtPf50FWkFpPDze/qFsN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3147) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe

C:\Users\Admin\AppData\Local\Temp\2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe
"C:\Users\Admin\AppData\Local\Temp\2fb61b4c8541afd1fb411590a63b9e828b1a278a3a9b5046a91a913b44f86c32N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
62KB

MD5
b32114a14a5d51abb3acd45392835c91

SHA1
c68e68d7612f71220d7c35644376a018a4febd95

SHA256
17b977460ec7a6265c740f31dd35b981a9c0d7ac15adcf5e5c4fa618c5fb62d1

SHA512
7a16d6c15b48f9609f75983549c990438d278b8a8186f9e0e3e5dc5c8bf04542462b8c69918eea479f80ec84c5de6b3616e36b1078eef280dfa59d27ddc0377f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
6c3284b817e52b3b34854a509ea34fc9

SHA1
653d83740ed96481cb3f1aa0793c262182d16696

SHA256
3f4028ec074e6928c0af34ac59035ea461bfce000eefe234b1dfd4be7ac4cf29

SHA512
ac477a932bffe68df603748a77c0bf75acff5e5cea3afd473faca8f44a8a3ce0e2ee391090840e1bd82540e15c38cff48f26735912e4d305fa32a12e3c9229b7

Download Submit