9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
Size

50KB
MD5

d13dcfa3acfa13b2e066a5bb973b4b3b
SHA1

5358883a387a140ead0702a09c395cfb90562b46
SHA256

9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44
SHA512

fd873714eb0f55b79b535710bc21466364a0823d9c202ebab576b40d41753fc404c6cddcaebd3981b79b68e76fde26d533084747d33d9362e7a1ba3d4931aaf8
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFew/DbAGw/DbAu:W7ZppApBULcfpHLcfpyDoAu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3725) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe

C:\Users\Admin\AppData\Local\Temp\9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe
"C:\Users\Admin\AppData\Local\Temp\9b8260959a9b5ba39a831174b24098c4ecca8b017987ff527660f032bac17d44.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
50KB

MD5
72da726c456be0018bbb91b632bf3283

SHA1
e8e4d45e2b0e6c39cd846192e919d910bea09219

SHA256
6b3549b2cbeb35fa00c5b0da28e381886340a07dbd91213179a890cd173ddb40

SHA512
9f86115e10c327abe9f79cb7e68fa446c63624081e7ae7deb50ad72291b9ecd4f8c944f16541bec8988abbcb5f4d90ce2f5fd93b50c265d6abbac2832eb8e8d1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
015ce24ae7c9cdfa3aacc346a8778d7a

SHA1
5be7858f91e4ba704ee52fcff511bb3eab56c559

SHA256
72b09845add86db93fbdd891110259f315ccc067c67dbf21cf8964d7ef67c20d

SHA512
9bb610f8269af7bdd6d74d89d168a2184d484c19a63b8fd6c0da17fa310ec158f5bfff260a182f0584e05234e8b7fbcc484c83771c99a08e2b77540a8fc42256

Download Submit