d453a95d2161d20a6d694d460124ff34e7787e79c7bbfb2c10e37be59a181ec8

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9067e262fc0cee7ccd6efd52823763f0N.exe
Size

32KB
MD5

9067e262fc0cee7ccd6efd52823763f0
SHA1

1f45d2f677fed6c1eb85e645bee704e3599f148a
SHA256

d453a95d2161d20a6d694d460124ff34e7787e79c7bbfb2c10e37be59a181ec8
SHA512

b6649303af6e7e0184360ee5e050fc2bb216cef3b0330aecb542df9d6e1f92afb3a427bd797f2df145845d5d0f966be3657bcc831737d21207b52f407ebd7c24
SSDEEP

768:W7BlpppARFbhjbhPKueKuQojEeOiJfojEeOiJS:W7ZppApBsEdEh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2044) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	9067e262fc0cee7ccd6efd52823763f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9067e262fc0cee7ccd6efd52823763f0N.exe

C:\Users\Admin\AppData\Local\Temp\9067e262fc0cee7ccd6efd52823763f0N.exe
"C:\Users\Admin\AppData\Local\Temp\9067e262fc0cee7ccd6efd52823763f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
32KB

MD5
7852daba6b1e51ec422bbe01e8abbb3a

SHA1
fb050e5c69aeeb43955545ef39b3f06f020fc11e

SHA256
49cdd89109e8d2fce91bd372601bb0ae592e977db1181cd5a98614a491054e26

SHA512
5add58bdc8ce302035e16f606d9ac940a098a58df628e2a61f6e34698d71e13b9af4877de119f7c562f84c8c65d81262c1ddeb4eda57afba3c2b3cb5610faeb2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
41KB

MD5
9a4e179eabe55f78504ae660226effb2

SHA1
e4eed57969437b9d7215b1f09a5851f89f300e24

SHA256
5637849fb24e689224768140f4aa76cd2285d00685f32e3115e6fdeeec1d7c86

SHA512
06bd84207ef4d21001b682302e95344c3574143ccb006f3792d43909590845155ae8ca3396dd2f7ce6352979a30f9293687952822ca78954299b55cf97ca837c

Download Submit