49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
Size

198KB
MD5

b8e0f9f97e599763a48745dafc5c7e23
SHA1

90cbcc80926653fdcf30d15f66487b6b9a3a4b85
SHA256

49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc
SHA512

926bc238d85a8ffd5f471444183d6bab0cc69204433eb29b3695b338964180c4f3017479e5dd5e5446f41f24957adc8fa039b952c1dba4a777ab7ab3a93b647d
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkQ:RqKB+tOkWKR0iJ0lTzkQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3319) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\RestartInitialize.xlsx.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\UnblockRestore.eprtx.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe

C:\Users\Admin\AppData\Local\Temp\49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe
"C:\Users\Admin\AppData\Local\Temp\49f9f2b311ac723147121eb717fb998779674257791e2bbc871cbd3c458adcfc.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
198KB

MD5
893ba46adb999741756c5c5e5491529d

SHA1
68f44bf4eed7e884af14e96272d053a13e12bfb3

SHA256
0eb363f0a9c30de878704d2943da75cb9a4ee0e05b511115846bf246d4c8e337

SHA512
4d3700ea70e4d55181e4694ac53f49cec3f9a8665e7a4efb637dbc2c2e55c56323a52ba0b78fcc956f6c39282a992edfba11fdc919c0c77b4228ce410c058d1c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
207KB

MD5
34d7bc3f1fc525456fed54f77d0988f7

SHA1
5b2ef9a5f1d07921b5dd3bece6fa299f969ee6c4

SHA256
f23f9b48d0fc8af9552e73e7c512a75a43cfead6bf0e926c19898c013c23312b

SHA512
105e8db3eeb0336dee86b0e3c29cf22d44c0498a057db8f94e761d42dd660ff30c17b89a33e40bc29c913ca6d668acdeba5a6539a81b7ae6d8e103a44f4c122f

Download Submit