e131e0792cc7507953ae09c9c5b4e379a902c72af5132105c2c1de0194bf5891

Analysis

max time kernel
149s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

L9ENCRYPTION.exe
Size

147KB
MD5

2fc7e0f791e701f4a535d8207f3f8527
SHA1

454056d035722b84e8a149c1c5379333f0283d8c
SHA256

e131e0792cc7507953ae09c9c5b4e379a902c72af5132105c2c1de0194bf5891
SHA512

b4cec9eddd439638dc9b1bd7de18830a1861a36e63091706ceca10889d2876b5e69b86dfb3c9889911d878a1a2c1af7a243d4b38b7f07f13dfd0d2bfa2717bb6
SSDEEP

3072:5wcjfeefdTD2n5/Ar/BeeGUMzJP5L52ES9xyKcFxwWfwe:5wkVLBn/MzJP5L52EUxgvTfwe

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.enc	L9ENCRYPTION.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.enc	L9ENCRYPTION.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.enc	L9ENCRYPTION.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.enc	L9ENCRYPTION.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.enc	L9ENCRYPTION.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.enc	L9ENCRYPTION.exe

C:\Users\Admin\AppData\Local\Temp\L9ENCRYPTION.exe
"C:\Users\Admin\AppData\Local\Temp\L9ENCRYPTION.exe"
1⤵
- Drops file in Program Files directory
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.enc

Filesize
558KB

MD5
a827ed08516a79eb41bda9b1351ae3f6

SHA1
0cfa9490b51d4759e506684daba6004c45bdd5be

SHA256
2ac5a5ca633135c22b4c1f2b6f6d3b28424c64b742ab86a20042011caa58eb42

SHA512
b03d3de2061f7bdb74cdc2049aec29d1245e55f477631ff43b605b33d258beeab54f2bbb07b0688b228010b02f80705ae90ab761bdb1e823d03ef457079de1e2

Download Submit
C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.enc

Filesize
95KB

MD5
d3f3d3f03834f0e574c0154feefbd7a8

SHA1
1d86df7ef81a2c1484dd62fcff25ac7d535ff30c

SHA256
9013ed0169440afc49aa59f36e03b40d79bea17d21eea52dabdb24becf03442f

SHA512
6f23733ff927415e08615eddcbd7d4110108f31e64059f58de5769c590b92c3641dafd4f9d15690384464ccfd2adae2d6c05483e63b28ca2db128513b3e94279

Download Submit
C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.enc

Filesize
36KB

MD5
11bc468683987e20e3835bee2fd123f7

SHA1
aff996ef6b749d41daa7def01a716b4a842cfe9e

SHA256
2aca84751673a51e091d13f0607e9448cbb8149271c07806d70f07ef31460363

SHA512
b9f8bbb6266013090a853c536108ed15636733cebcf40b62674b22852722a0284d4b8a628e71740d32b2acd842e21a708713942e550c97a1ce7a424b75ae9992

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.enc

Filesize
160B

MD5
868e5539b7c7ca907f22c49388bcb13f

SHA1
e969b77c3a4561281625098f6a1272ca80a4b4a8

SHA256
3608995ae5ef5739746c91d93d7c1ffe49e8b96d0b9892752a9c14f402d72bdc

SHA512
6650d93d11f98115f29080e6dfe98ee5117cb0e1520e3cfcda5eb5036d48b008ff1dd9828403abcde2d303d801dbafcb2954438ab9b8085be37cb66b702478f6

Download Submit
memory/2004-379-0x00007FF744AF0000-0x00007FF744B17000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads