9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
Size

36KB
MD5

b60844e4f7a566caa9dc9ce943089a08
SHA1

fe141e417fff13983000e14396d133b96f173e4b
SHA256

9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6
SHA512

f13f18e594d3ed6050d6844fe519220c7bcd83c5274928168e5b1d4749e4accfe34a31ac4e72f79d4825f7c329eac7c47828f4f0b8033ac21da3949658a40b4b
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHdGeqc4SUqUGeqc4SU1:yBs7Br5xjL8AgA71Fbhva4S04S6

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3777) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\IACOM2.DLL.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe

C:\Users\Admin\AppData\Local\Temp\9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe
"C:\Users\Admin\AppData\Local\Temp\9d371cf439819d4b433a661e2bee427f3b1adc4aa2885aa6055a2995dc52c5e6.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
36KB

MD5
14ab11bd3628e40938e8dbbf41b6469f

SHA1
88f595bccd400b248191f9e0e9f4c4d4e3ec017b

SHA256
ba3f4a1f9f7b24e89c6e2316974935083acc23d06c212ad262d73d79c4ae284d

SHA512
f037b69288726b6695f117a36af1170d40f5a83082c61e726262bc74f345c654a1edc4d8faef7d403c254d8d2594222259c14cfdfa4bd6efec0868df0de13e3d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
b872238fd9563457a6b066b16a544dac

SHA1
45b8a9c1a84519a501e90e7fdbba2d47a2fffd35

SHA256
e9bbbcecc4d8e1b5891d472a7e85b9f69d015e7799868dec5ca368e467d6e97c

SHA512
f33c6cbf700133fd12032af136c47b5de3d7165a53919275fa9a3750d774dd63138138c64e0fb24c3d9cfe2a94dc3ad342c074e018b589447233640f7345e765

Download Submit
memory/2728-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2728-660-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download