4529298ce3abb557ec1572a2a73e1bc74df0099bc7d144c3119b7038f288f295

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e628e6ed749476353d46e2d69c755950N.exe
Size

47KB
MD5

e628e6ed749476353d46e2d69c755950
SHA1

7ab808950645497822155f8c57b10c01c5fe5abe
SHA256

4529298ce3abb557ec1572a2a73e1bc74df0099bc7d144c3119b7038f288f295
SHA512

4fc304c8bd534fbcdcbddf8384cb9deb697267828776a89e06116d1ab97077ce499ae20d4c78c7bc9d6f9cf847779c1a064b79d7e9fb9ff268d274ec657b702d
SSDEEP

384:GBt7Br5xjL9A7AgA71Fbhvnqj7jU7ubTAgpbuvx10AaIdKB7ubTAgpbuvx10AaIH:W7BlphA7pARFbhL801VvM801Vvv7GqSC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3417) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	e628e6ed749476353d46e2d69c755950N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	e628e6ed749476353d46e2d69c755950N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e628e6ed749476353d46e2d69c755950N.exe

C:\Users\Admin\AppData\Local\Temp\e628e6ed749476353d46e2d69c755950N.exe
"C:\Users\Admin\AppData\Local\Temp\e628e6ed749476353d46e2d69c755950N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
48KB

MD5
29349cac0c3e61e7633609233d449be0

SHA1
ee9c9cafc4048d9e6c985193606a5c254150b9ed

SHA256
47e59f372878d624093f764ad7a46061640fdfdfb91d90c5f18318611c331786

SHA512
21174d49b936c181e4a187e2c698dbfe3d0b24b92fddc930d7053fa5bc018aff6acd3bac6efc44eb6e85e4d7460a71600c2c19bffd36d6e3359071e311785a4d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
683a5c7de82d5a746407fab9fe523ceb

SHA1
a3b26feffb1ebe08810024009c7af2722a1c9395

SHA256
4d6643fac625c97719c6f39845058bad7b633a234ddff5cef6791eafc2638c7c

SHA512
0bbb482511510d73de4373ff4139d305e584faa61ae51e454ca9d5073f1c2bcb83c6dd4187f6aa11bb95f7be779cced62cd2853d5c81539eb1102bc48e802fb8

Download Submit