a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 21:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
Size

65KB
MD5

34f23b81612c406c2c646e6f2be72d90
SHA1

3368555426ccb1fa9eab976c7a1656bbcc64d359
SHA256

a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61
SHA512

b7318ded9b1d59e1bdfe7ae134b8fd4533d59cb9d78c1f0934cc8cb54d3d83c070f45a23b13c5317c181399fde55660ce238c474449a1de4e21119359a7c2dbe
SSDEEP

768:W7Blp2sspARFbhJpupZ5pZ4+fTgTvlK1lK6RZR+8/8gClurYClursF/MF/0V0s:W7Z2sspApkZrZ4+fU7lK1lKT8/802cWs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3111) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe

C:\Users\Admin\AppData\Local\Temp\a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe
"C:\Users\Admin\AppData\Local\Temp\a6e012d989777b375e015a9cdeb97dc5ca9a9491d5f70d4d3a2a90b319461b61N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
66KB

MD5
034e3459bb7244f5cf3f038abc4c4b6b

SHA1
00000a6c0727848ec76021e1db6e76fca8796c08

SHA256
379846ffaa3c224dfc9fe748f9771405bf244b0cebc623ff97e94c407652e7b9

SHA512
247b6ed2f420ecce6df962247573fc02119659d16b7f131fded1492962c21e8183ab51e6fe0eb06a1dc0d655f588c435099d746d61bb9108b23990601a512a7d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
5d5bb993aa0a2139d71169ad74b47b4d

SHA1
91e1383d4aaec6c6392cde6639f7f18cb648ab55

SHA256
b3b06d4a8cf1c289d41f5a59acb5239d34f0ee7463ada8a30f26cb04345803d8

SHA512
f1f5df4df95f4f5629af83c9f9d2c2a0b143649f066153dc09b49c8c9105956b29993cac70261c7587f307e378a59622ccc43abb0a27b3ace15b9973e6ed423c

Download Submit