1221f67e09befe7f1119ccdc20248b6d35c673f10eff2427a07ab683bae050fb

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 07:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ec85a182d3d1652924bb93ef047f1ab0N.exe
Size

76KB
MD5

ec85a182d3d1652924bb93ef047f1ab0
SHA1

88c0739782755766fcbd18481ba5021b035f041f
SHA256

1221f67e09befe7f1119ccdc20248b6d35c673f10eff2427a07ab683bae050fb
SHA512

17b3df1ad800a452b841943e3f95f71d3331df455ce51929829f6134424278fec590c12db16517a3ce93d9438dc9d261333874f2b495bfb9d7b2c43374e797fe
SSDEEP

1536:W7ZppApwEwnmJARJAaXxXNJdkCKPuJdkCKPALE:6pWpUnDXxXnLE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3149) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\SubmitNew.zip.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	ec85a182d3d1652924bb93ef047f1ab0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec85a182d3d1652924bb93ef047f1ab0N.exe

C:\Users\Admin\AppData\Local\Temp\ec85a182d3d1652924bb93ef047f1ab0N.exe
"C:\Users\Admin\AppData\Local\Temp\ec85a182d3d1652924bb93ef047f1ab0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
76KB

MD5
35ca712e2f3a5738459df0da9c3d8f31

SHA1
963946f0c4f2be2b511abc5664aec2367faac130

SHA256
e2cd36b31cf67608c0f6aeee1fc80c389998417025300c261f5fa85f9c9ea7b2

SHA512
64ccd6f531763bf4e381bd2c8734bbea2667bd415d19089125f3000e05334186198ede66ae3cfa99dafcc66328b4e06d795e0ef2b88d270eecb0570ccf838675

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
b143d386cad1475f02e17a5fac9f4b13

SHA1
2c80985d7c8da278f99ffe0e6e28303fa5e154a8

SHA256
de271fdcb088d86ae17b2a6a295560bd6a41a1444b8ef862f04f5fbf0ea4dd07

SHA512
c5421ea155aa5716c607c3e41d8a9a992966db714565d2464eb2a221799d4985089b9e0bb9c870179e71ba62da75d8b85e9deb081548d2de040dac0c31b66956

Download Submit