f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
Size

55KB
MD5

cae22884b53214d7645e8c0055d154a0
SHA1

ff3e039e09d47f9fbe395f79f370db2631544c01
SHA256

f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16
SHA512

e8f51c315061db639ffc0f59d6f330c11f856eb1ba5642cd87530431336ec6edb09e60a567171cfe089a7af272247c55b41cd4f7eab919ee41100c35b2ccdee8
SSDEEP

768:/7BlpQpARFbhNIiJwsJwwnZap9QKQZQIQ+:/7ZQpAplJwsJwwnEp9QKQZpx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3158) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe

C:\Users\Admin\AppData\Local\Temp\f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe
"C:\Users\Admin\AppData\Local\Temp\f91932f8d4d5f2c882bb0de0284cce9878882551c6b93be4fd4797d4e24e5c16N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
55KB

MD5
c956af16a3925f92128a57bdfdf02f5d

SHA1
2cdef70e3db581e6ff15600871a49da0d15a111e

SHA256
ce833bf3fa5a5be78b0a0fc9ea115c6e373a3e40f3a0106bfacbe8964c6a1d98

SHA512
4a9a3bc656998312e7fdfcdbbddaa0f7c1a7a2949bc449933e2d9bd1b490f4c84c82072edb262e636a4eac253fdc526348901f778859bfaf2ae1c80325eb5078

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
595d36554b39ed1d88ea447cd723b77f

SHA1
8319e2b5fc4e0fb58138d38b527adebc906cabca

SHA256
64477e5d0073af32c348c7a36d31f688b27c11d60551976a60c175c42be2afc7

SHA512
bc88411c43376706b89d442f7bf2aef5bfc73c221da53a12139603da85e7f1dbb83804159b9497382e0c79b3fd9cf31e0a25a8856f66d88e11e8a33261c3fdb7

Download Submit
memory/2680-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2680-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download