009b8fe24e486599852e65b2232d38a66d4d83aa0daffbd60d18901cdbe5e049

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 14:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

184be91a62abb2e936acf3426be7bc00N.exe
Size

37KB
MD5

184be91a62abb2e936acf3426be7bc00
SHA1

817093fff813b73318b952c0d46e3f4eac28f8a8
SHA256

009b8fe24e486599852e65b2232d38a66d4d83aa0daffbd60d18901cdbe5e049
SHA512

43b30849a4d35aaba139c12e7e80544b0fc9c8ac827733b1a01cd74b1b6e09a8476babc4ded5cb084f5461d14801ee527035f99402b8832a7ae0c439719e0e66
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxjM1GM2kS0Ie1GF:yBs7Br5xjL8AgA71Fbhv/F70U0y

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	184be91a62abb2e936acf3426be7bc00N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	184be91a62abb2e936acf3426be7bc00N.exe

C:\Users\Admin\AppData\Local\Temp\184be91a62abb2e936acf3426be7bc00N.exe
"C:\Users\Admin\AppData\Local\Temp\184be91a62abb2e936acf3426be7bc00N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
37KB

MD5
0f6012f5292e9987913e863f96b445d1

SHA1
fc5c5af4e7e1020b2efa2864f2d231ba2370f4a8

SHA256
5967c32d5814a3807792f3d88334dcd0f401694ca7ba0df25dfd0a5883d7327e

SHA512
c4e6d65a89f55397850eb97716e6c8e30dbe8a2442393d2d405a227b61c7766819a21eaca9ad9deb7902182a8afbc24cf8c5aa0ab9c13ed5c2ae8edb83b2ad32

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
2845823dff5c51ffe595ab1761837eb7

SHA1
12d0959b1c25b11d3a2e229dcfa172208f8b93a5

SHA256
884ec49e383c039473413fa2d3591c76a02e0c3ddf1387b2461026d3ec912afb

SHA512
b890d4a41175fec75a3344b0a16e6d3e4f099f069141cfe3c65694589e0c716235d59916043fde99b735a15824cf7370db9a4cf709d007f9d4ece185273e18f2

Download Submit
memory/2356-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2356-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download