1e007ec36b08a0a34e616b0c58c0092f48e5a2ece03408d0e6f0074de10af3bf

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f68a1efe8c6baeaf05cb004c691b900N.exe
Size

77KB
MD5

9f68a1efe8c6baeaf05cb004c691b900
SHA1

b638ae2779f2edef7dbf7ac3e676f9b36f30ef1b
SHA256

1e007ec36b08a0a34e616b0c58c0092f48e5a2ece03408d0e6f0074de10af3bf
SHA512

0d5bd917bd04c1c744fbdedf83970605e50acc9299397eafd3fe0120c24ebc46704b9ce406779736f28dc7a566f052cc242feab3de035b51de9db3584d8d3e98
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvapBpYY9:6NLWpCZIzjwHw0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3155) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\OutExpand.xhtml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	9f68a1efe8c6baeaf05cb004c691b900N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9f68a1efe8c6baeaf05cb004c691b900N.exe

C:\Users\Admin\AppData\Local\Temp\9f68a1efe8c6baeaf05cb004c691b900N.exe
"C:\Users\Admin\AppData\Local\Temp\9f68a1efe8c6baeaf05cb004c691b900N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
77KB

MD5
efdc9a0106da4a383b04b5f1802c3257

SHA1
feadca38d4360799079de3eb7f623ef514d6b46a

SHA256
32d0d9e1aaddb0600d0071ec075cbd7100882eb0304b2b49527965762e7cf45d

SHA512
f46230cbe4daa26e8af8ac07558acd34ce4b7f8b0680b8fb7223be61fe37838bff876430d7e43413552dcb5866055ce7202f224472f217cb940d91702432911a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
8956e7c8ec1848ebff594ee2d9114777

SHA1
4971082b19327174f65690145096585c9aa966a2

SHA256
a9c9f85b3857aab61ad051d4d0f9db74efe2f6f3f2aa09649c24fc7ed6b2d910

SHA512
f0b923cd30dc1ee244fe26ecd067d981d58eba5be86c1630b5737160dc0c7c32a674bc4b3ed8180b6c781590a0715bfedc39061d9c9baafaea9426cca1a6ba72

Download Submit