9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
Size

71KB
MD5

40f60f062f5a97f05e68b612dc61bb71
SHA1

bac4dbcec900a72af5888cbb0cbceb5e74f91018
SHA256

9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8
SHA512

6ae78410e2219fbfa7252a14e563ee3df80f53edb0e32fe11d47abb0c8b88a66627e31937ca9d497d32d620f658e5656d1a4999dcd1abfc7b9269500386d7d00
SSDEEP

768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7u595QUhUey5vhgCy5vhgx:/7ZQpApHou595QUhUBgtgx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe

C:\Users\Admin\AppData\Local\Temp\9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe
"C:\Users\Admin\AppData\Local\Temp\9a8c6fdf6b8fd62c279f230cf3eb7515cd052f9d7255324965191c7af1c106b8.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
71KB

MD5
c6bc42e5c3035b6eba32d621be650529

SHA1
aa29f84afd0c1cfde82880fce26dbf186f101096

SHA256
a1b63a968623d5d0cfa58250d10d7a9e1d0128a3bcd4c1a73f26c8668ccfad1e

SHA512
14d3a038282b8c7f0e424a9e12f5105061fe8374259607f23e10ed8b6540a89cbb0b3bf9973248e6021d978a55117cd292b60b33cd377ac513d83d9f262dc267

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
3716dec0261d5998ad97c9127159977f

SHA1
9d238b78862b5b101ccaf62eb199c89bf707cbb6

SHA256
8f3bd5fa8c0d6a9dc5d586d8e9f1e99b18415275975526558e3954b7d1c1509a

SHA512
5ab0a95f1dbcb2c9aacfb8f6ea7fb03ebbaa8f0a76d4db7cb29ff468a31769c2c08d4f5cb48788350b20faacfbae095db649895b7528dba9ff125114d4237ec7

Download Submit
memory/2484-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2484-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download