9cb4825b51c08ad63c839b2c5a02b3b406484f94c9fd7f6a4a904b30e6bc7602

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
Size

85KB
MD5

0b6d9648d8fc5e0f99dee5b1c5a25310
SHA1

2e56a36339d4f8ae133017318a96a653c09c9cbe
SHA256

9cb4825b51c08ad63c839b2c5a02b3b406484f94c9fd7f6a4a904b30e6bc7602
SHA512

e8bc05225c51706021360ef26d1c0adde012dda81ae60732e3018cc732bf6df79810543085019a9d35860d7f5cad656ac82de2b576975e97ee591c355b66ecc7
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhT:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsy

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2818) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\BlockRename.reg.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b6d9648d8fc5e0f99dee5b1c5a25310N.exe

C:\Users\Admin\AppData\Local\Temp\0b6d9648d8fc5e0f99dee5b1c5a25310N.exe
"C:\Users\Admin\AppData\Local\Temp\0b6d9648d8fc5e0f99dee5b1c5a25310N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
85KB

MD5
037911a3280b976c18fd4c7eac4e990f

SHA1
57e783320a410acd92500cd71b2b610a6964372f

SHA256
e47417e32b890814a6c12f49bc2937ff6f926851a6509895a90ecb5e01bc934b

SHA512
b2cb9e7765666dc64e44c2a042134b9d58445a1b713d452414d82a59432e74010439bdae805a7286e6f3d1ca4c987970bd4fcf0c27c8d8f5f9bb433897861470

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
abda9d8eb3a09744dfd0207a02b82a48

SHA1
8bffffb8a476f9f9a914ee882b775a686405b1a6

SHA256
7b946eb75b954e8f6da28059d3c4fe8fe0afba329e694ea68c25bd98da546a3f

SHA512
f7a6d2cb0d3872cc393d7ecfe5811618591a8d16c4c35431ae8b3869f888730b3325f94f6bb80f4d53b8ed377c005f2e4bc14112472c68cbede986d8579e6419

Download Submit