5ed13d474ab1108dee22a626014e022d1cef1c094c68e8a672b54cb9f180e9a0

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

099cf97bc4808aa081f8839518fbb3c0N.exe
Size

52KB
MD5

099cf97bc4808aa081f8839518fbb3c0
SHA1

78c014f7555b043199c331ce25249386da7affca
SHA256

5ed13d474ab1108dee22a626014e022d1cef1c094c68e8a672b54cb9f180e9a0
SHA512

08405a9a2ee8027860bb34d3c3bd4ea0633f7b9a85505fbec9aa1dae9fc2f4d34c997c63295da17c188bc4a813470644a93177174c5b72736712da8e57ffc9f2
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFew/DbAGw/DbACSU0SUfhwRDThwRD0:W7ZppApBULcfpHLcfpyDoA4WZwXwK

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3355) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\RestartHide.m1v.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\UninstallEnter.xhtml.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	099cf97bc4808aa081f8839518fbb3c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	099cf97bc4808aa081f8839518fbb3c0N.exe

C:\Users\Admin\AppData\Local\Temp\099cf97bc4808aa081f8839518fbb3c0N.exe
"C:\Users\Admin\AppData\Local\Temp\099cf97bc4808aa081f8839518fbb3c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
53KB

MD5
a64cc2fe37240b8393bbea79ef27cb6f

SHA1
ece5e9abdfef2bb89164e7d2cc9d626cf22ad146

SHA256
a8bc85185543cd7db1a3557181dda21d1f27f021dad2ac4555723f14a3397575

SHA512
8afaa378c348371276b177a4768bb9b9f9aa9e2233ad0156f89727106dc3ec1f38991380893f5b7f08c9cdd391dd5d9bb4fb7f84d8a680c510cb2cdfa5175321

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
413e46830f7922514c115ebdf515a412

SHA1
a6901de454f009fce55bac4caaa3d6e3f1050d8c

SHA256
255f0062c0a3fa678021d02d7eeee4e004af14c6cabbc67e2ae19b3eccbd0910

SHA512
74698821c3f9d868a32ae2585fe0b75ec56c0c727f3c6f4c6a8374c9865b1f32e6fbd54d6f0b6820a59f41d192ed463ec632cd491d7b27ef53e99c52df3e6b50

Download Submit