d8dd46a8db97f8525e52b354fa325d6f7b2074688e61dfe06642b01839975082

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9449bff502591593ea49f197683250b0N.exe
Size

38KB
MD5

9449bff502591593ea49f197683250b0
SHA1

a7bac343514b2bf3732ace91dc49fb261cbe9b37
SHA256

d8dd46a8db97f8525e52b354fa325d6f7b2074688e61dfe06642b01839975082
SHA512

a7c76c8f81d7f3e61aea84b8bc88d595c13f4fdf829dc80f25ad9973f7a50fc3a992008890ab9a354c0fd940ea8ec828aa7e0b066406049e7c820cf470cf0638
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k8z:W7ZppApkGpJz

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\CompleteExport.otf.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Windows Defender\MpEvMsg.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	9449bff502591593ea49f197683250b0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	9449bff502591593ea49f197683250b0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9449bff502591593ea49f197683250b0N.exe

C:\Users\Admin\AppData\Local\Temp\9449bff502591593ea49f197683250b0N.exe
"C:\Users\Admin\AppData\Local\Temp\9449bff502591593ea49f197683250b0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
38KB

MD5
0827256358b9f0186c3f59bef0a06c03

SHA1
8686c2aeb7eeb4c31ce98d80ba14e8604ee26b7b

SHA256
4e0cb4e58ba5f7da0668ce3d397f3c0d0dca6d581f3751a1e12ac8600bb1256e

SHA512
ad28a535e0c5f61d0c9b1783d75dff8c8b14331a70ad0c99ee9a2c661e9e8e04478a05fdedbf77da6a0d93b6a9d03deab1aa1d84a59e8afb28cba1a3fdf635ad

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
c2a5d4618d4e3bdb48d463193ac72bd8

SHA1
3cf4afbcea9b37dba8632446d93d84df75981f9f

SHA256
a694c327b79e72c39fe64b636663af11051e9b81ebfcac0375a5c3ee16007a69

SHA512
76b2a4161f7081249c9dd7d564e06f612e696380a48f36a72acc94b42a30a66778696004cabf9284ff4d829787d1c9e1436eeecc22d5b34fd0d9c631de1ed048

Download Submit