99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
Size

39KB
MD5

4291beada56be21cd9aef90c9bf47b23
SHA1

d7739a0b851104ba7c72cc71fc0672c9a3eec03b
SHA256

99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29
SHA512

37d2821585b78ddf04636d271a0b1aa5fa199b0a42ef94acdfe2355b1511f3145fd6e93d105f3609f4a99720780d35d0b67db8c57c179394d705134303a3fafa
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/Nw6gQ2QF:W7BlpppARFbhknrSLmsNw/Nw6gQ2QF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3766) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\mip.exe.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDFFile_8.ico.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\InitializePublish.mhtml.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe

C:\Users\Admin\AppData\Local\Temp\99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe
"C:\Users\Admin\AppData\Local\Temp\99c478eefa0594dc408bed7df5b352e7fb95a9aacf500c90eaadb7d5994deb29.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
39KB

MD5
6916c1b1f5eae6f11b4f960557896348

SHA1
b99ab7b70da097ed922e941f08e1ec2ae887d87e

SHA256
d7b770f76812596cf111ae6c0a60502b92a3dbd75cd9bf554391bc96596ba798

SHA512
dd6e363087a4ef789310759dbfc27c876ecc2bc322a528a6c67f3801208fc4489016cda4873d15c9517c8e7461a4edae85f62224dcb8a0ea40c9fa367a06cab3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
be7392d58ab7be2484e80f2604b64d3c

SHA1
8faa9cd62113f8b395b431a9702402b1c02acded

SHA256
16462ddde41ae045730b20f58694d148fa400a024a4091bf72d3f4148492e500

SHA512
6d387c672afb7fe52a5c1e3829e2c82dfeb7d886026d84e6c4aa17328241f0f381c2756a8f4ce6f0c254f800d385391b18c9dae9ee5636a0f419b325adc90823

Download Submit