1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbce

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
Size

48KB
MD5

c96009fc4e5015b0d7824861a2b9c640
SHA1

8a2b3fa9ef32bb9d4c78c1ac58432b004a173b1e
SHA256

1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbce
SHA512

f68e81946fed99e21af51fd55b162130912105e03743a76c7a97658971c64b20a4e328380071202ca57621bf34be1f4b9f96c1dcd007f7320d7692e6e4e973dc
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1itvtBj9:W7ZppApBULcfpHLcfpSo3fstvtn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3426) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe

C:\Users\Admin\AppData\Local\Temp\1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe
"C:\Users\Admin\AppData\Local\Temp\1b9ff849f23ac8b17cb197071251c9519bc6306b3d6c4d1ca7848cf7c80ebbceN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
48KB

MD5
be8bf34878080bf270a8ab12d993ed3f

SHA1
d083002cfea810b751135f1f55aaa01e56bc252a

SHA256
01f1af8ff79fb531380b336e4cf22eb35bbfbddeb86ae148ac39c0d01f465041

SHA512
c35fdc68181ecda8767aae9218d27f786207cd738fd4a066ba2a6a1181165de8820b5ae054db936572033600a81f41959ee46f770928ae9ff02a1a26ba298e4e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
354e318450065f63fd6f4ff5fbdb3211

SHA1
986f14a502789388dc1021df2d222064bdba3725

SHA256
51c467be6a6ffcccdba879e7a77c6e254028201d698c1fbb08dc6026f8596bac

SHA512
f7a317a298f0034e3f2dc1676e4c43612c293db24d0a754aa4601a8334c4992810bafbcfe0af0e2dabbcc6c4dbf83e0ce86cc4bb7918896156d306395de6acec

Download Submit