e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
Size

88KB
MD5

0c7df236b5b8aacba66f83edd491a546
SHA1

e6c5f0b0943edaa0453eb7985d18b116a4d4c0fd
SHA256

e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16
SHA512

4e711156474b49b30e7760eb8ac11b8a7203e3cf537fbf05a1a0d91eb0549c9d3dd858e60a201feaf3f472779caeb9b1668b78013ebccfd65fab99a3878b8411
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzYAMO:6e7WpMaxeb0CYJ97lEYNR73e+eGGrMO

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3518) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe

C:\Users\Admin\AppData\Local\Temp\e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe
"C:\Users\Admin\AppData\Local\Temp\e88f41a124d9585698f1c208b35a68fb9b1caaab4ef63c0414bc98d065cf8f16.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
88KB

MD5
4248be0c7a676a61468da4dcaef8d8a8

SHA1
e08fcd32e23fe49f572660029806370139135306

SHA256
893775a35a0d328e69d34a7281362c5208fb933b23cb75b2dcfc26a022859ff2

SHA512
c3e4f97ce11a74e3848f09d4b91b010012a42244e21f714a73eca76fb07b752037902cb379e6a0dd94b74d1822911cd9e908428f92fd4dec5e40809fdcb3f4b0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
08ea53c01cd2c4e3f765222d1a94fbd4

SHA1
735bb8ea5df9ff1e9812d0366258fc4f5b9b79ac

SHA256
83712324d77c2094c1a035126d854eb272a19999a2ab65e17d4b87b81b8d9f6b

SHA512
523f5ebf0a533e2014ef36bda528bd507219f09b6458495172a4f3ac683ddf2962d7287cbbc869ada01b1a5ceca8b0c9fdd2af839b119bba698ff53728c92e51

Download Submit