2daf25388f33d633678bbdeb0f33e64cce010bc6b92021b4945e53cb1a9edd90

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a9195fa45450602e989ca4a68f3def0N.exe
Size

84KB
MD5

6a9195fa45450602e989ca4a68f3def0
SHA1

716b6808592bff8ef01f0672f63b5758e99297d1
SHA256

2daf25388f33d633678bbdeb0f33e64cce010bc6b92021b4945e53cb1a9edd90
SHA512

2cfaaaa599e29c4c8bb950c69c03e43f611fe7afacc4943294cfcd8ac4808693bea844a6d4d38f12d5ce01cf7ff1365e57ad6c5f48462d7c6ea8e10acbc9dc20
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShZQ4PN54PNr0Vs:6DWp4Wb

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3143) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	6a9195fa45450602e989ca4a68f3def0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	6a9195fa45450602e989ca4a68f3def0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6a9195fa45450602e989ca4a68f3def0N.exe

C:\Users\Admin\AppData\Local\Temp\6a9195fa45450602e989ca4a68f3def0N.exe
"C:\Users\Admin\AppData\Local\Temp\6a9195fa45450602e989ca4a68f3def0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
84KB

MD5
87fba7bc36eb8a09acc2c4a77df25233

SHA1
fb1b94c79e7d0725aaf0fe43916624346250ef04

SHA256
98d39b49894a7441f34b676a65e3c070426b24c953fbae11c8d2066e35116f2c

SHA512
ed1e0eccfd11ab31d2f15ff3ed2f86ca76b509c626ea8d84d64377c4002aee255d37ba1bb141ab17ab76e68c7a25a520f716b68d63c2ab04978513f958a3d2d8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
5f20e4d9bc337fb4c53d22552a5f41ca

SHA1
e63d1b6732d1abfb0c61fda438a1441aff0a7e63

SHA256
ae2608afd98dceeb8d77bf01ad1438802c2aedeff147b4600ae48a6fa63eb27b

SHA512
609bdfca6bed06dfae8bc7db4f5a76493dc1fea4d31fa806539c5e379b7a9f9c112d8a43c6461df25bbbbf8b85a17ca386f01c039cdac4ac4f3190bb81e484c4

Download Submit