c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
Size

73KB
MD5

1c2f5ac2c43ff3ef54ff355e52c4e890
SHA1

4fc804ec2c011d26b982f5748ded95d47500240c
SHA256

c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336
SHA512

51c2c31d4e3299885041677a48483c509dcf440148c4c803e4ab8f5eaa41d894f97f98eaa827aebf5954e6f835fa15d408719b4783dd7af01a870f1c0d2574d4
SSDEEP

1536:W7Z2sspApkZrZ4+fU7lK1lKT8/8yNCNzdwEbdwEG:62ssWpcU7lK1lKgkG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3295) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe

C:\Users\Admin\AppData\Local\Temp\c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe
"C:\Users\Admin\AppData\Local\Temp\c99e89eb159772d55c13c2bb33aadb50d55eaeb8f11a7c8d6771067fedf76336N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
73KB

MD5
c94ccfbd91bd7ce19d3d09eb1f71af00

SHA1
e2be129802384a26d962bf4dcfbc791023ed3a71

SHA256
feeb2ecd17a4b77a73bacfece10aecce8a72943e2b247a89a65825c8737bb07a

SHA512
af8d3e4298bc588869952413570465fe2ef55b36c1887c23079009249c3f568f8bfb0d77ec303d5b8de525bfdd5092a15011d4a79341f5b1e4baf62187e67007

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
6839b414bcca9144c7dc4452042f69e4

SHA1
f74a95f5fc6d95847c952225d291fcdc95cafe0c

SHA256
88abb7160b354555209049af18a3f9b00f4a0e9b9366baf73e83cf4f20c96291

SHA512
36696dbcaf5a0fa3e6d5d2d03c52efd7e41600b920bf9f8cd1586c0a20507599982c07356ea3f67563931181dd9a527f5ea25f3287662ecb1ebde09c7a1f75cd

Download Submit