ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
Size

130KB
MD5

2323eeb43dfc97ade0638ef5cf355a41
SHA1

0de8d020214a5e1289507324c3df6e2eefc99d6f
SHA256

ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50
SHA512

5a0a29a066fac3ce6301fb5113c4ca9224223ad3a4313a1fa67969f1f5517a19170b4de5b1ee5efb48d31797641ef8729897f24e4b45fa471b1384f4e27da4c2
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO8:/7ZQpApUsKiXBvzwvzXJvlwJvl6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe

C:\Users\Admin\AppData\Local\Temp\ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
"C:\Users\Admin\AppData\Local\Temp\ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
131KB

MD5
06190b6e52eda4723681264f5b108a94

SHA1
acbb91f06431fbb19ba2675ab9597cbf3fa41398

SHA256
18cdf19980caa23b66c0647e723b4a557ecda690240dcdec5fc2092ea24fe700

SHA512
ca0f1abcd637f1d3de0e167ca770c284c70ad03adfbeb9fc696480f8cab71a5b12d1d6fc0b5545890659e019ae2684bf891c450a04445481af2ac79f94b75c36

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
140KB

MD5
864fd6eef747bab95840c48986d3d5a7

SHA1
0f7a860ba07fc432572ab3afcfeae73c142f73dd

SHA256
02ade9d6370693bd3baf44174b04b8f94228fae2022b75134f1d3f26c9d56177

SHA512
fae148b6e4a0ae2c0fff428e32d5e250d51312d7f4569b61b0f743063382c003cbd4f3d8faf8b4a4273000ea0089f659a18d51415facf201e147e2a2ef7b9b03

Download Submit
memory/2240-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2240-560-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads