1ec8f6fbb612bdb542b6d264fb935fcd6bce3c824a7b9f6dc210a46c43d72d6d

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e6e320a0da7862d73490a7c0e1bd8c0N.exe
Size

39KB
MD5

1e6e320a0da7862d73490a7c0e1bd8c0
SHA1

afe7938f372fb02a7c8277fa48f19369502823ed
SHA256

1ec8f6fbb612bdb542b6d264fb935fcd6bce3c824a7b9f6dc210a46c43d72d6d
SHA512

40d0592a976448956f0fb1ced6cb0455c18e2b1a760ab9bd75aabc4c587d2e764e61aa1d40b831eda02305181837db6d5973854768bb0ec42ec01d8759ab141a
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLm:W7ZppApBULcfpHLcfpyDh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3164) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\BlockCompress.shtml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\SearchGrant.wmf.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	1e6e320a0da7862d73490a7c0e1bd8c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e6e320a0da7862d73490a7c0e1bd8c0N.exe

C:\Users\Admin\AppData\Local\Temp\1e6e320a0da7862d73490a7c0e1bd8c0N.exe
"C:\Users\Admin\AppData\Local\Temp\1e6e320a0da7862d73490a7c0e1bd8c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
39KB

MD5
d1381ed243db27f6942ce556eb3ed912

SHA1
0bf5503e55c9bcc44f24b732fe5d366c9c5738ec

SHA256
301df5bcd6d29282b74aaec5e4512c484bbf9100f46993ed0d762da849e6c565

SHA512
0d867eef9623d498ae00ff4440153cef6ac33e27f5e2de78546738cde60b916661e9c94f72451fde162d5649589dc4538eb8469d7f0dc810390f445dc4cd5eb2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
7e6223ae0dd6a2b16c99ca51fcf75a9c

SHA1
ae708c8957b16b916236ec8947d4d92659b74c00

SHA256
76ce8338bafe91764cb647cc9eb39d8057d6cc998ac92de17fc6705171f4afc1

SHA512
a9675602dc768d8e68fa3b15d58c49f568f8394304ca787f558cf9db1a9ce9a367c34c526a114cf46eb7317e11e95a5b5e901e6e37aaca8fa73bb2da0ab3cc3b

Download Submit