9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
Size

57KB
MD5

3dc8ad641068a174b45b33b803c037eb
SHA1

b0c49e113152586ba6b2659edd57e1360fb5b6f7
SHA256

9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9
SHA512

0fc8f928db6010350eeced8e526900b4b708f6043d5877a3df8103f157edb32129042e0b4fbb6bca614b98aa9819710ab534d688168a44a8ff6202fa20ef57ee
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0Iap3gyaHq9nwK8gvgyaHq9nX:/7BlpQpARFbhNIiJwsJwwnZap9QKQr/A

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3743) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe

C:\Users\Admin\AppData\Local\Temp\9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe
"C:\Users\Admin\AppData\Local\Temp\9bae641995d628dcec30b1d22502309e1df24b4867459bccdfbe536f417cfac9.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
57KB

MD5
d8ba431dd38825a915c5967e8e1a3e5e

SHA1
2819042db8f6348b51c1af06f9f5aec86f71e70e

SHA256
46d14b62e86e8d6e296a21a004ff3055feb735dd995fdf31eb9b31a31fb5af35

SHA512
36e13afc0433209b1419d862c1fc746935191e21248583738313759692804c294854d76504f1021ac41cde3005b811e7b357e8ca1635f025c4408229c7635944

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
23397f9cad28f7e4d9061807954e9a36

SHA1
cf85a17d767c9862b0008c53aefcd297be239f31

SHA256
8120d590b3b2a5605393027199c5a015f16fc90ca4dbfad0c5d6b176eda426aa

SHA512
77cbe5e32cc9c9cae431b83542013693f42f48f66460d76626c82e4f40f020bdd2aaa44c269a78fdb87d529cf471386fbcc407bd25ebddb021142f3170168921

Download Submit
memory/1724-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1724-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download