4948b4e3b984cfe6fd1372f60b4c50fe60c40bf121075516d0f7e13fe3c64c4e

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9cbc3cd68a4d0a197a04484d9082e720N.exe
Size

36KB
MD5

9cbc3cd68a4d0a197a04484d9082e720
SHA1

5f69f372f763c33629489f4fc5d22f573ddc9ed2
SHA256

4948b4e3b984cfe6fd1372f60b4c50fe60c40bf121075516d0f7e13fe3c64c4e
SHA512

66d1f6ea73023016dd056e734e9055a822bf2659c84f94536a4808c9b86f0e3fe51a818c8f22e8e862562dd1261473830e82a462dbf66aafe1add69329836a3b
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHbkJkFdLWi3dLWiU:yBs7Br5xjL8AgA71FbhvCDC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\CopyRevoke.mpeg.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\EnterMount.contact.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	9cbc3cd68a4d0a197a04484d9082e720N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cbc3cd68a4d0a197a04484d9082e720N.exe

C:\Users\Admin\AppData\Local\Temp\9cbc3cd68a4d0a197a04484d9082e720N.exe
"C:\Users\Admin\AppData\Local\Temp\9cbc3cd68a4d0a197a04484d9082e720N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
36KB

MD5
46e6c9190ca09d1c119b8e157739933f

SHA1
7faa29405a3a5d66bea9f82f529164af15df8048

SHA256
e2625225d3672a608e9ffabe254d4abb17124332b05f969ae6251089e4409d33

SHA512
a4fc7fa4700b91e2bab07cb7771969af17d30f296c05178dd10ccee421c5cf16f75775c7c9e15d139b92c1ba3a00cd103b4125476d1dcb8983f8f2c6cc14c681

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
074fc3184da0ae703284821177e903e3

SHA1
f4e879e685d16b84a9872972ffac6c39ebf53532

SHA256
3589a99bf84d65bec320703da81476e43a5f890c9a4ad7cf03fca12da972827f

SHA512
cf0347333783407d6d162a12f03aa65993766d718f7bdb6926356bfd37fcd7c433392daff7c0bb5e0b4a1c8f1d1c1317f19229af63bccb117400c62bc76bc8da

Download Submit
memory/1596-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1596-98-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download