e1fab8ce13ddb1268460151124328f5efefbd6ab5f4eb485a811645bc41577a0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

763ef444738ef8daf6811fb0718e8bc0N.exe
Size

36KB
MD5

763ef444738ef8daf6811fb0718e8bc0
SHA1

41d65fb54d1ce8bd29ce85cba43ae4356a73d651
SHA256

e1fab8ce13ddb1268460151124328f5efefbd6ab5f4eb485a811645bc41577a0
SHA512

a34debe2eefd1c71c18b57717b44d7403793cc718439451978ed7c626f60234b05ed13244eee30632b96b1ddc37d010d89889116c8731d47fe224259a0be44a2
SSDEEP

768:W7BlpppARFbhjbhQYjYY4F2j3TK54F2j3TKm:W7ZppApB1W5Wm

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2642) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	763ef444738ef8daf6811fb0718e8bc0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	763ef444738ef8daf6811fb0718e8bc0N.exe

C:\Users\Admin\AppData\Local\Temp\763ef444738ef8daf6811fb0718e8bc0N.exe
"C:\Users\Admin\AppData\Local\Temp\763ef444738ef8daf6811fb0718e8bc0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
37KB

MD5
b7be7ebf238699ad4c512048645a5ee6

SHA1
9317ec278fb798f8468c833be848b691df116326

SHA256
24b9091f978e588b1859377fe1de33c78e47d96600dd87b99abf5f6968c61353

SHA512
ac79e9dfc3453bf3bab76a1b908120a1915b7cb1ca85136e5fcf19675ab57919497ab9a2e58792823346b7ffd355775b78d94c88d0d333907a96400cd26ffe21

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
1e362dfd5297c4456350d00ceac7f3d4

SHA1
8afff1ab30fd4ee4f47241ddeb6a4ed526ca8163

SHA256
871d6d2cd05bcb5f118d13ba582adf940f430cc0eb6ee127e5ac39b5ddfdbeba

SHA512
5b2adcc5bafdbf017fc4103e36c73d85a09876cc8f041963ed131af18d4bdd5c6659a60fa73a900ccc17d87b9e14aa803126537ff345f6aa67277cae9c994671

Download Submit