9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
Size

101KB
MD5

7fb22e3fb87f1073b325c4ceb206e0f0
SHA1

e8cdbc14ff5fbbd4c5ff2b273be972ecaf38ac54
SHA256

9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4
SHA512

566882d148d22f4da8ccbecf157b8f365e6cda35481efb5b7b9039de3792e8be3b4698516b2d09a3cae50ba97ec70d1d5fd399f61f1cf51fcc04d2671bc369ef
SSDEEP

1536:W7ZhA7dAynMdyGdy4AnA4QlcHgrC35rtLgnTVoA1:6e76ynpAi9InTV9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2837) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe

C:\Users\Admin\AppData\Local\Temp\9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe
"C:\Users\Admin\AppData\Local\Temp\9733556e5f593b859e77ce1157ec28981180e2f333dabf92bdb3fc266a6077e4N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp

Filesize
101KB

MD5
d24e0dbf544c2d3573f17a28dab09243

SHA1
1c53b703c43c2ba0d64b35ec6c5b63d9bf903f37

SHA256
35f0604eb798a72ea88616a445c386e544c6907402f427e54b5fc1f3b09b2b45

SHA512
cbe63909234d95f7b9c392fab898d2033d09c16d5242ee22ea51b12f50549d3d2832e51b2504f85094ded5d7691af0f3c37aecbefa73606f4b02b1c4547b2d7a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
e02baf726e90e1c3f8b44d245e2bfa15

SHA1
248488bd65705b5311bfd3abc5c7a2c20033efc2

SHA256
5321dc6daeb5c34d62820f4cdf5df60bc82c7cfb0227eef3dcad2b9f5b816ecf

SHA512
cf18a2f2e26170fa37140a3470fece7ccc52eef683bb88cb4ee9e517ef2cae740807569288475e43818526460077f99241064c25ae901ec2abfa722c10fcdc56

Download Submit