f5d4fddb93bc5e5944b963a3e2c23e58482cb0c139227f24fef8fb7a2f7a75dd

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9abd029deded6dc4c024ab82ba25b000N.exe
Size

56KB
MD5

9abd029deded6dc4c024ab82ba25b000
SHA1

f1cc6fd748fd77d13dafc4e19c5f2766c668fa88
SHA256

f5d4fddb93bc5e5944b963a3e2c23e58482cb0c139227f24fef8fb7a2f7a75dd
SHA512

cf9fefc3431f5f86bf0f35c24f2c6a4f2e4890e5ca1fe10d33732c72b1d0da8acea88b2103c301f6a5ea853cb3a2148dac3d4bdc16e412ccea07295ce92a2883
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/FoL:W7ZppApBULcfpHLcfpX2/Nw/Nwmxf

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3174) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	9abd029deded6dc4c024ab82ba25b000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	9abd029deded6dc4c024ab82ba25b000N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9abd029deded6dc4c024ab82ba25b000N.exe

C:\Users\Admin\AppData\Local\Temp\9abd029deded6dc4c024ab82ba25b000N.exe
"C:\Users\Admin\AppData\Local\Temp\9abd029deded6dc4c024ab82ba25b000N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
56KB

MD5
871d82ae348ca2ded62f50a789566977

SHA1
7e4c8fb63469c56ccb9b0cc40bc5c487f3919ad3

SHA256
176f3175f3899448870cb45b950a19dfa2f5ed00c375d6af46efc44ae7c12042

SHA512
39b61b19014870c93c5ff3aba9550be7074812fed007d5005e0ac7994accf3ed9e2ac12b3d8c00599da149c6dfd6961dc8123692e768497faa560d9522346a17

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
84e31f8796811a70ba2f192b699d55f0

SHA1
d46540f440bdf681dcb6ad5afe2829974eee513f

SHA256
ee6bf25d870aaf21e96da69d657e068378bf2be85c12e7a0ec7d8fd54d8e4309

SHA512
dba14ea49e2b069901a996bdb6b239dcd296458d2b175041dc6c8f5dd5bf5a9d4b5d201e4c0c8663f303aebd8c09ab139fe9b562e89a8fcd5f327a0ffd056610

Download Submit