9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
Size

49KB
MD5

d4b688ad1dc3e63223e9982beea304af
SHA1

9cdb0f7ad71f027418503b3f25fb70c6dbe9020b
SHA256

9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407
SHA512

34f130b3ebf72308812a296fdcfe548bd3d78b17777bab903b615e9179d230b5af2331dbdd74331458ee63a96dcc30d11a0319cdf5506b8166a4772607ec1783
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBVRz:W7BlpppARFbhjbhg42LcfT

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3754) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe

C:\Users\Admin\AppData\Local\Temp\9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe
"C:\Users\Admin\AppData\Local\Temp\9a49a9b0e634031dde83e3a0ce184ef86e4aa6c5017d21aa16d36b59430b3407.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
49KB

MD5
9115ea3f801a9a19657265326df8f631

SHA1
37ec591f0bdd8be1a9a49cc98e86939432e26c74

SHA256
15de3cebb43cbc8b2c5b795ffbc8f83b7c8ea274f4dffd9fabcd8711447420b3

SHA512
8e3e017b86df6e59d32b0073714cfde46bfda705b392ad7301bbbb046d9df50e4dc072d4fe449ea774a869c8863a9bc1a6727a89f66fc4242bade6119ac8605c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
791e43b3be2edb339f5d59a38c8b6cb6

SHA1
e0279fd58b60117934df986a42d3e4239d911f4b

SHA256
eb8a25f7e2ffe0481291244de4e3e6e57a51135cc3eeb854ae85755c9b391dd1

SHA512
ef3c4c6b5d46bd3c942b0cf40d800a7022034288eea407bdae3adec08a619c57ddbcc2141081b7d93aa9d26c269417cc0b3834d5772b8a2d25d50226509429b8

Download Submit