e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c

Analysis

max time kernel
124s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
Size

231KB
MD5

41cbf5bdb3b613317d2e7f78175c5d51
SHA1

18471178d4daa0f96d4b20563acc54223f46ad73
SHA256

e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c
SHA512

3a464ca6e2f061b8eee082b9938823f93045218c24dbc3251b1fdc6a4013cc132544a6f2f31e355ff2f3973f4c4bbcc0cfb71e35133a964e9de69a375a3f1079
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeIBt+OKObYhnKhnZS+2w4Vqx0VqxzFtF2TZE:W7ZhA7pApBt+OKOsZKZZSjw4Vc0Vcb

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2644) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe

C:\Users\Admin\AppData\Local\Temp\e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe
"C:\Users\Admin\AppData\Local\Temp\e62845dc1cc79d2efdf3684651f5a211a502aac909ab5ea0e0552c3944d1886c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
231KB

MD5
64807bd5b10a869b70709c8f7791db30

SHA1
ecc4aa19006ee1a053055f8f7e344fc5ae24bcd4

SHA256
7b1ff63c3f32417d5beb82efa1322eb7eb9705c232ca8897d485d98f680e4927

SHA512
63cb32155cb28287bec12b411cc60b36e4c2d6f5d3c4ae2e2b3669372167cbabb3aa5cc3ce0bd7ee8e494fdcbe7d70d4d113b06ce091ce0be3774498c17de631

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
240KB

MD5
6cb803d7a4f3f01b491dbaa0c6a6673f

SHA1
c91bfb3952e4c905ff0692c1ca4e405ba2f550bc

SHA256
3bf4efb517a25ffe62b1fded8fb3bb7d0676c8fa28c17b31c54a40989f04154e

SHA512
605ff3002b3bc3fdea4660dfdac4623e4c9341e24f5a50f1cb06b2ca1e06bbe4de608aee4206d95f819b8b58ed21bfcc8fc1565507595bdb05e23a0342112774

Download Submit