9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
Size

60KB
MD5

1014b8fccb3335ddc3a8c76a58ffbe8b
SHA1

21531904ca3e52bb292fb9bf21b627abf31b0176
SHA256

9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e
SHA512

de821e2b4859cbfea9e10fa9048e69d41ff41d2f042b2252733dd4638ffe849d7ef65c608ee12d097b95f920ffe1572f53ba9f74732b0ca4ad4d76df8e17048c
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/9Oq:W7ZppApBULcfpHLcfpX2/Nw/NwmxS

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3774) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\micaut.dll.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\settings.css.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.tmp	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe

C:\Users\Admin\AppData\Local\Temp\9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe
"C:\Users\Admin\AppData\Local\Temp\9a6d86923cbf92817c9f814f8c5eb125e12ec07c6b0b24ea7f2c9beb3983775e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
61KB

MD5
85abe2323dc24de653b8cd7095d0f891

SHA1
73394b105af041b1883aa70dde3b89c6c8bc2c0e

SHA256
0362366645cebaf6887f0e5ce0a72992ef593bed010cedd7799380bd76ce1e91

SHA512
8b06630824f706c897185954bd8cdfb26f1b8786d1b173633f1754ace7fcd88abdc12a271f7967024686408149bf9994d5314fdf9cfb5bfae5d32af541e5a6f5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
70KB

MD5
bdd56041af814b72c22dcc3d82524cb7

SHA1
b6d0c004f300d19845906cb1a360979446f4798a

SHA256
24a82a4db22e9732ebea0392b6543c33b8b72657631b7e724e7e36b588a0f6b6

SHA512
c6fc3687b1db9e9f4fd381c18052dde1e0a1b5bf81369409eaba872534b1002101c12c5df0c4b86ccea285eea6e35739055409ff7801b1b02402e8c1fed990d7

Download Submit