a3d6e41d15a96e85fb1997ff487d1e9aa6293deb347fcc52171d20783cf58fff

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b9d09d2a356672f59835781c48c68f0N.exe
Size

71KB
MD5

0b9d09d2a356672f59835781c48c68f0
SHA1

e726a33878d63446912e7d9b20583f20099fa986
SHA256

a3d6e41d15a96e85fb1997ff487d1e9aa6293deb347fcc52171d20783cf58fff
SHA512

c954df7895438c62ef1af84317a3875f5d0c7c5bf9066731c5c8c2d86610b687abd2d31055b4fbf3e94dbdb4dd5cebcd8a2c50960dceadaf5fe3fffc9771ca36
SSDEEP

1536:W7ZppApwEwnmJARJAaXxXNJdkCKPuJdkCKPFauae:6pWpUnDXxXG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3690) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\RegisterImport.docm.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Journal\jnwppr.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Portable Devices\sqmapi.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp	0b9d09d2a356672f59835781c48c68f0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	0b9d09d2a356672f59835781c48c68f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b9d09d2a356672f59835781c48c68f0N.exe

C:\Users\Admin\AppData\Local\Temp\0b9d09d2a356672f59835781c48c68f0N.exe
"C:\Users\Admin\AppData\Local\Temp\0b9d09d2a356672f59835781c48c68f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
71KB

MD5
259ec0bb44b3d91e2550db2f8b2880a3

SHA1
fbcb4a61daab4c38bcb2da0ec784e4d56c3acf4f

SHA256
c710ec4658617fa9317d336d330bf6ab90e27994fb14e36bcfe7ae70c2df099b

SHA512
219abd4d1fbb6fa3fad751a80b3bbbb98a54ed3dc25074112a72bf0c4655b45c96e66650af7a55c1e4c2b03115fe71eb76dd509adceb4a90a87e5d0e32d2998c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
aedead6163e76c5f6b7a590229789f8d

SHA1
a2a5002579eacf09ca224f596c1bc86eb89b3282

SHA256
52821096db298d497bd3b941017956cb195bb252d71948390f89b42cc53ee3d7

SHA512
276dbf87ada39b42f625ccdfe4ad78f4fffdd85657dccf937a0382389f57d9c1c4344ec7278e0b9a58f1e0c86ecd417afe1451768de74cb422434bc35f8471cf

Download Submit