008c9e4275084a30b12724d1d04171045538fed936616f6617c3dbbd4ec37f15

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9e84bd03e36c0b0f1f12090993185f0N.exe
Size

35KB
MD5

a9e84bd03e36c0b0f1f12090993185f0
SHA1

fa210592d287547af84797247cb6919295364ffe
SHA256

008c9e4275084a30b12724d1d04171045538fed936616f6617c3dbbd4ec37f15
SHA512

d85aae903fc206525e339a323367fbb7cbfa57c2d9ad471e292bd9df9669d153b96ed7252bed9cce9d08c2dd05383165fca85ee03e962c4787fdfb5ab818201d
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxje6OMmy6OMmW:yBs7Br5xjL8AgA71Fbhv/Fzzwzd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2822) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	a9e84bd03e36c0b0f1f12090993185f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a9e84bd03e36c0b0f1f12090993185f0N.exe

C:\Users\Admin\AppData\Local\Temp\a9e84bd03e36c0b0f1f12090993185f0N.exe
"C:\Users\Admin\AppData\Local\Temp\a9e84bd03e36c0b0f1f12090993185f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
35KB

MD5
8f4aa7ac791efdcd2c63b46fb3c243eb

SHA1
8a69a8d37dc645ce6be3185d00af1f5cc7eef1a9

SHA256
23bc7346ecf4c1378a7a2dad7a604dd16511ea3c683dd2923f1e06c67179081e

SHA512
e30ac4871a37941af256529ab78659203f45090bbdb8d7965d2ffa63bf611d536a9b393fb7cfbfcb927a6d3b1343af3b97589bf822acd0d2d9310401bc5cece2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
44KB

MD5
41d4fde2751743b23cd75cd040032d12

SHA1
afd90f225faf9d66142e2625c0d7cfb1c83ca44c

SHA256
3222b4bf717607b708ebbed0cf19bde96124c83e617945683495684f6fd40676

SHA512
983882055c10b33b579122faea6bde5ff21984a92cb45cdac710bfcc3db5966bc85f9e3f4de0e51d494f3868191bc070064c35b44c57076ef9bde8cf9e191921

Download Submit
memory/2544-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2544-162-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download