88536dd57c64f5884101ecb39e8e8d0976b4f5552e46e0e2f5bdb0a8e250c492

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b24409cea294b484d17120fedf3a830N.exe
Size

102KB
MD5

9b24409cea294b484d17120fedf3a830
SHA1

813041cc9f557e05625258c06d6c6bc16b374925
SHA256

88536dd57c64f5884101ecb39e8e8d0976b4f5552e46e0e2f5bdb0a8e250c492
SHA512

40dc0619266a485d35ac9aacec8fc02b3468f9ed3537855839a0f2de66030933103eed0fea89eb9685a21d8811afa88b99b1de68a36ec8365334d1ab3ced7d54
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8z3MLyPjPY:6DWpwE7oL2e+efZwZ08i8z3MLy7g

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3145) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	9b24409cea294b484d17120fedf3a830N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp	9b24409cea294b484d17120fedf3a830N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9b24409cea294b484d17120fedf3a830N.exe

C:\Users\Admin\AppData\Local\Temp\9b24409cea294b484d17120fedf3a830N.exe
"C:\Users\Admin\AppData\Local\Temp\9b24409cea294b484d17120fedf3a830N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
102KB

MD5
4469f3358e633d95e4575dc6fbb1e08b

SHA1
08af0e260d7d607ce73da33fc3435ea94544350a

SHA256
feb1fce59f4fd1fc05f5739e2cc46613de845e416cca9bc4cd0de668aff2ccaf

SHA512
56675e93f374e119b1e425e35bcc87b5ba0445ef389c2148058206d0125b3de8a93356475985a99cd7e28be330785b5b136e233df7d15dd940e4a07cae5685b7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
8c0e32eca3336f3c8ef64a2002878ef5

SHA1
077903e194a46c3e2c993be321f4248ab498e504

SHA256
6adac99ade1f3dd2468a41b45ddab2fbbf2353e1e1d052040ba8b154ca6c8d38

SHA512
de1cfbf288baa273af8e45019cbeb8d0b9ba2f34f6c0103611b0c8dba2750c5e742ecb18b0fd4d3a64e183ce077b6a119a9acbbaf074eabdca1617da248ee0c8

Download Submit