990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
Size

83KB
MD5

dfd022bfb692a8b7a4996e26822a6310
SHA1

91795ee40b59f054b6fa179b6053e55bb025ce23
SHA256

990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039
SHA512

3d0a3e1e3652a831788acdb5690489ff56c8792c2fd2b45532781f7cae89ed750b83150ff81c2210c3ab2e8400e9010715f27dd35a76b9897638fba43b36cd39
SSDEEP

768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8O/Gum/Gt:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5Nkk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3262) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\UnprotectDeny.tiff.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe

C:\Users\Admin\AppData\Local\Temp\990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe
"C:\Users\Admin\AppData\Local\Temp\990750e3e5bcce6fe7f2a6e4318f1812af340aeab905ed7fe4fa28e0cc9c3039N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
83KB

MD5
16a10d1b0732400251cca302a5af1e03

SHA1
e7b1326a4441a79d0bfc03a68c8a381f96628cbc

SHA256
403193e9f813f6618874d561930dc2aac4878ce4d6a0a7feb33ac24017c907d8

SHA512
2f918fde120f81bdd0bb95b8fb05e0435840c4ffbc450b597f3fd66d75dcdf7488213c56bf93ac6a8b56868171990efe0f35ec45b3c768f5eba5dd2ec80f7872

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
0a52850c3808c40a50d12cc3f3f071b3

SHA1
425a909fa2a3126e92a2fadeacd67b1e07062cae

SHA256
7ad000bbdc974ecbfc0c92f80a74a1183c4c1b16a068c7bdb022c958ea84bb7d

SHA512
d72a8df1521b4ecd6481cc0e92adff822b81d63f86d7e4ed7f1db730ee3cd3db3c359167d35da1a9da9e6f8f2de2e7cd40c8c26e076897add8857d9f58169dd1

Download Submit