ee65e9d7a7bc9d17e894e0b775fc0bbfb35e72c65c3d768e34bfe059d521cc16

Resubmissions

21-01-2024 14:52

240121-r8syqaeac7 10

21-01-2024 14:51

240121-r8k8waeac5 10

01-01-2024 13:55

240101-q776kscacp 10

Analysis

max time kernel
123s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21-01-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
Size

11KB
MD5

f4d8bb082b0d03efd6990cc2f4336165
SHA1

48abb4773cdc2c70ea90aa4f38a8942f8bca60f3
SHA256

e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db
SHA512

2fca524f0aa0f3bf9605f8a7007dfe14f1383f976ce519299fc0991a073d78961ecf1c1d84671016f8814dd55dcf78a7c8d1ebe86cd7f59c53f1874e8a0d65da
SSDEEP

192:5QEguYoCj6K4KRUZJqBEjTedm53AebdKS5p:5GOKRUZ9aC7

Score

9^/10

ransomware spyware stealer

Malware Config

Signatures

Renames multiple (1631) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableDownArrow.jpg.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\header.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Casual.css.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate.css.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\validation.js.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\utilityfunctions.js.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_off.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Generic.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Casual.css.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\button.gif.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mib.bin.doyuk2	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1936	e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe

C:\Users\Admin\AppData\Local\Temp\e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
"C:\Users\Admin\AppData\Local\Temp\e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.doyuk2

Filesize
12KB

MD5
724fc8d3ce9e489ebbf91cd977e44ad1

SHA1
dfd1b501d6054009f3fa7f1868dd4b9ca11f02ce

SHA256
037c7cc72a7b145beb49107bd0791224561c602b18d431519a42e91682751d9e

SHA512
11cb1c27cf0d5f6fd413bb2d3ab38cddf6d9ce2b627dc85d42dc73c86a0d2ebee446689b87886b56bc9865fd009ea9969c78082724952ea6ef7632d41525787d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.doyuk2

Filesize
8KB

MD5
27f92350c261df0f508464ea2e3c38e8

SHA1
d2505b1750bf78f57e3cd11224379a50e2b1c8a3

SHA256
580e307d4088f80e8c65148d07e9020052304dbd07b3ff2cb526075981a66d9c

SHA512
ef743aeebf5af271105a2251d8f6b830073c552c1f49ec8bcc36b97e95541affe4de01017ea31f28cd5cf0eae7c2429e0bb8e4eddc6b370852dca848627f9cf8

Download Submit
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.doyuk2

Filesize
160B

MD5
c5a8f0ac248005b6b0ad0be6e10c4dad

SHA1
1540b272f7843b6e82142f0dfcd48e1c175dc461

SHA256
4baea01770139cd6c9911d0cc803e510af0ca3ec2bfc07293986cd39663500f9

SHA512
6ed9c1f4a8b35e48c0d6571bf3b7aa7673adfb081a0d3e26fad2e6ca0f1d7533757c8ba9289a5c74315e3e63fec4dab93605d383ecf94c86eb12b7fd82f361a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Warning.txt

Filesize
236B

MD5
2fa758d9985663438d0a8e439e7796bd

SHA1
8bfab4389532ef2bdf68ceea0ca367eb09856b10

SHA256
d5aa6c774404750f82c11d4e420cb3187f06f28eb1ff3a7579f184bd7155a7d7

SHA512
4bca2b8c187053969fba168cc5cfb6649657f4ef551c1ed35956a4e682284cef82e103a5c10f4b188c742a28222a423cd3206a6318d38bc3716baff1c1cb5c4f

Download Submit
memory/1936-0-0x0000000000060000-0x000000000006A000-memory.dmp

Filesize
40KB

Download
memory/1936-1-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp

Filesize
9.9MB

Download
memory/1936-2-0x000000001AC70000-0x000000001ACF0000-memory.dmp

Filesize
512KB

Download
memory/1936-36-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp

Filesize
9.9MB

Download
memory/1936-37-0x000000001AC70000-0x000000001ACF0000-memory.dmp

Filesize
512KB

Download
memory/1936-13543-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp

Filesize
9.9MB

Download