e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
Size

51KB
MD5

8d87ee478edf2988dc88f8b4a621664a
SHA1

ce9b517dc49d9042288596c83261fc51b6eeeb19
SHA256

e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210
SHA512

3a6a1e57961ad92fd88e5ca3404d2b7b0464d5199be4add8a94f44c2b4e928fe3cdd31f8d221065fa3935eaa929abd29ca5bdf2e0b7904e151c81a3ffc3ea609
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/FzS5c5mxqORP+tY/8q8Q8drVIJqt4:/7BlpQpARFbhdS5c5mxqORgqu3Ft4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\MSWDS_FR.LEX.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACER3X.DLL.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.log.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe

C:\Users\Admin\AppData\Local\Temp\e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe
"C:\Users\Admin\AppData\Local\Temp\e500d03eb3e48822d479ac6d685d7945e91175aa61ca9380b26605337124c210.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
51KB

MD5
a50c437778bdd6a3d5c88c96c9e50ca2

SHA1
6ce886ec4e162539c5efca7c85fa36e15d2924d8

SHA256
58187d3b2663b20ef9138ae6b61306294dbefe0b4d2cefaf2e055a2ca6fc9e79

SHA512
1adab7d430ec3dd295cf97e098029e0c7ffc6cd48ba0c37110e86e66ef7a5ce0d700683badccb299def49d26ff75f75e834535c0869625fb4748ccf537e5b93a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
aeb94fccb9e11f6156125338fd4b2f81

SHA1
0734dacdfcc372f53ef8a448065fe0cb862ff71f

SHA256
7dad3a3032e4f549e1b6001a23c6ae30fc3bdce8f9d215208b88914f6ce8be36

SHA512
75d048675916e59a8307fa89acff0b098d667c70966921ebd3acab5854120149e86aa193f4ea41abf19df33614a32efe717698c5e7c4e84649adea44659fd3df

Download Submit
memory/2372-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2372-666-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download