030b0c911585e6d24d480c817f34fd9e157146a89607710762f15d62380d9099

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99168f0a5be4accdb8c6cb07b24376c0N.exe
Size

48KB
MD5

99168f0a5be4accdb8c6cb07b24376c0
SHA1

1caeb3a88f9017905ce51b02f4389becc2e29ec5
SHA256

030b0c911585e6d24d480c817f34fd9e157146a89607710762f15d62380d9099
SHA512

c1d39001d9c74e2f8f6bb52ca6f5ceffdea5b769088c35f6093de3abc6baa77b8a5c2bb71d2d39acf8edb5d96bccf97c50304848ef3317b0a39d7b1397ec88a1
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0Iqja9jaJS/A/A:/7BlpQpARFbhNIiJwsJwwnZ+S/A/A

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3250) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\SaveClear.iso.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	99168f0a5be4accdb8c6cb07b24376c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	99168f0a5be4accdb8c6cb07b24376c0N.exe

C:\Users\Admin\AppData\Local\Temp\99168f0a5be4accdb8c6cb07b24376c0N.exe
"C:\Users\Admin\AppData\Local\Temp\99168f0a5be4accdb8c6cb07b24376c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
48KB

MD5
f4a2587892a9e6f1fb6d83c35cbfbfb2

SHA1
66bd7340783f9ba7acf2d298bd5142ed10d4f77c

SHA256
31ac53a97ce822a54e5d94d89d9953c9f879bcd4b45578ddabc6ea26d243dbd4

SHA512
0c3751add0f86599d835bc3cf333b420851c254ff0932c09a66901d9d12e3e10c52c4d01dad97968d1e56f5d29d4893c39871feb3ae6ac556527d9289a09bf4d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
2f43fc028dbdd681f9dba4219be29391

SHA1
5425860f7a2be6872a7ba6911fb80e5749b06479

SHA256
3e8616d15e9d35e0e1902c26bec2c901d5acfc08ea8a4d4086d064cb4add7453

SHA512
b533728f7bd463bda7dca9346329e633ee3619c4cad260a19fd67596c66052bdc2bc6b5b4f3a677a1b2246e8dbe938db43aa6da90c6c7018f05171da8cfa1d26

Download Submit
memory/2252-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2252-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download