ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 06:11 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
Size

77KB
MD5

213c852ea6d6614a4e0916dcda3331c0
SHA1

89e08e46de4a939c7fb44887a2c479e360bcba5c
SHA256

ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5
SHA512

42a880e47304771392a6fa390f17871ea5997f63ecdc4cba7d9003f3cfd228a061017a4079e922ae7cc708a07a9d8fc3891804206370094586d0adfc0304a6a8
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZv1+CdwEbdwEf:6NLWpCZIzjwHwt

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1031) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe

C:\Users\Admin\AppData\Local\Temp\ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe
"C:\Users\Admin\AppData\Local\Temp\ec32f8fd9bc1a73d77291bdb2b41d11eb017fe859c0a7d555c3105a530c54fe5.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
77KB

MD5
aa3dd50a49acf0a99cf17ed04973225c

SHA1
9b9178336ed02f958ea4f783674399863c9df981

SHA256
337947ef3f18595ca4d0152384269514ca84c499544c66eef334ec9d483497b3

SHA512
29dd275ed84899e6f1c287bae758f9c24463bdcadf357cd2200bcc45a04bb267a41e4ce0716b6b82f2e8b3f81d6650042b413d74beed5b1d9adbadeb498025f6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
4b9eae7e17b3a2bac1e07bf922d6de83

SHA1
897705cea70bec222e5c0a73bb8d1d5fefdc6ec0

SHA256
883f9764fc756123f7ba7c5a773bc5917c6f82866e820e84d43dac785ac740fd

SHA512
6694afa90d1ee1c071ec492db57f72ebe0f5244acc723e68de8ce4a501fec01ca651e809bdaeb5fe4a15f1e1707fe3484d11f459234066e71bed97b60c3f03da

Download Submit