1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
Size

97KB
MD5

6e1cc5cd5e345ed2c09e0c0ec804a900
SHA1

419c0dd7796850841a0a105f8172b9ca309871c9
SHA256

1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1
SHA512

ead50f27bb751e9b312adef66550e6d781fee20fc5e838075506bb75764c47c90793f19d71ed0f3e976516cdcec1d69edc7d81981a06d5e4ab52554b74e39b40
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9ih2x2x:RqlIyFESWu0SWu86jYh2x2x

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Mail\oeimport.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.tmp	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe

C:\Users\Admin\AppData\Local\Temp\1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe
"C:\Users\Admin\AppData\Local\Temp\1e5f84715de35183a8a62e50175681e72e56b1cee60dde08ff846b37ed7657e1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
97KB

MD5
4f145912817e9db1b379d058b9a858f9

SHA1
b2be025ac4a2eed55e1d2fb784c4ba0ab6205a2c

SHA256
4b841327bcfec965c29561343dd0e4c30c9f1f1c02bf5d6a44bc67f9c8b2882e

SHA512
ef1fd9aa33c32427b4ef76b61fd6c0c46f7f7bd83f6637be6fc51964ad1e6c08e312b49192e4d72097c43bb987d9ba4264c99dd55d5ea58c0c07098c886b960e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
49c477cdd23996c9421c2d5231a351be

SHA1
48492d9a104a4fa87a3e8b21a47608244b282c50

SHA256
95601e3026fd9f73540f256afae42ff735f499de6fde6cc029a37d2a566a02de

SHA512
ff849aa83d5a984a8e7f9ad7affa45a6aeccb7a1f6c7ddc647b2cfef363de5f02cfa907eb6d2dcff20922d3920dff4c1f1b593879d18a027aaaaf799ff9fe350

Download Submit