9c531380721eec94492eb51c41e61ff189a7cfdf1349bad5d8f87469cfd324fe

Analysis

max time kernel
119s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
Size

67KB
MD5

6d8991f0aadd7cb51f69ce9c269fc9c0
SHA1

81a60f30891e3f644b7ceb71d5d04764e1981048
SHA256

9c531380721eec94492eb51c41e61ff189a7cfdf1349bad5d8f87469cfd324fe
SHA512

46f8daeb30985314a889b997494ace07404707eb133fb39384e3ed102b3587397b6429977c77eab917b181885a600a23252a89db7a14455b8041639aa35453b9
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGWxY8SYs2oiLx3Fnx1xY8SE:W7BlpppARFbhbt7Y7WBp9/Bp9S94

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3265) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6d8991f0aadd7cb51f69ce9c269fc9c0N.exe

C:\Users\Admin\AppData\Local\Temp\6d8991f0aadd7cb51f69ce9c269fc9c0N.exe
"C:\Users\Admin\AppData\Local\Temp\6d8991f0aadd7cb51f69ce9c269fc9c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
67KB

MD5
c2c36d6cdf5f575a0338ac0d0d01a6e6

SHA1
ea4e1518a1a868adcc2f8b6bba5b795904b2a61e

SHA256
5389d51e11ce3e3577c32d15d402ad1312c6d2fe50e1a6d857ae4d2f990e1aef

SHA512
492b0cbb24d4a461d65806451378f7ec9df313169beff30db0e025c1733deb659a55bb35507a0c68471e8a91744f614e06204af88ae0f65c56fb52037e9183e8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
76KB

MD5
744fbfba490b69a00e83f5608832f064

SHA1
50abf3c79fe951007e7744b2deb4714643a22a1d

SHA256
74263e9913ccf787505f8a788de41530f0095bb7ed206a2f59b190bbde56de21

SHA512
661c3d2cde44fc7ec053c05d2934ab5edee22033455deea0c4f2a68e8d7d8970c082072c76e75042053cead9d16b0ca92207fb688360bcb92fadebe8fc21eba4

Download Submit