9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
Size

76KB
MD5

e4946b354fad35a87289ae0192714020
SHA1

463f433c1e418f64df3a6871cfbd44a21c046823
SHA256

9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83
SHA512

af417101dc851534025465e4bc3125d638393fdbe3ab09076f4a4a5269306054174d488fc9ca6062f77d99b9bca47e1da4c930d06f3d0550701b8ad2b72a6308
SSDEEP

1536:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSbM1mM1i:6DWp7WD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe

C:\Users\Admin\AppData\Local\Temp\9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe
"C:\Users\Admin\AppData\Local\Temp\9c10859fc798084cfb85b7b71d2f08ed49fed1ce6dd76fa481d7132e58790a83N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
76KB

MD5
ec5a33b5acd2415ecd17d7307350d5aa

SHA1
7000af72d4b1b11a2574e63c347eebd2a0bcd697

SHA256
96b56552d5d46a5283325ccb2ce25a4623f99165a306ea719468705d50cfbf48

SHA512
662fa8e13e16a0f25ce1d5762e276972e80529f08a8d48997e1af1d88d78a218d46885a1aed35a6b7499ade7a0e22471c87384c414eae00fc0b959a431cd8ae4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
7fe8855620406be0d8cc09c5ad8cff50

SHA1
0e30ba7ed4799a8c21dc0f7cc197c3594f6ca111

SHA256
1d42ea67ffee4da5c6a445f460c541bcd4a3554e1e88069c9483b3ba72009f01

SHA512
bd795938be15cbfaa4bfb3a1e27488a47726158240910d6ba825e5d932527d8b66700239ec77958abd3e6ea6c3dafdf58d6509a4a0c6bd31add426d179ff4192

Download Submit