c4b004ad8c5fc2c0f9c965945a705ef39a268f01e9cdc69761985db27bd40abd

Analysis

max time kernel
119s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef977be666beb52edc4421110c4e13c0N.exe
Size

191KB
MD5

ef977be666beb52edc4421110c4e13c0
SHA1

adbf668a1508ed1b5f27a55b49edcaf5d0b5d919
SHA256

c4b004ad8c5fc2c0f9c965945a705ef39a268f01e9cdc69761985db27bd40abd
SHA512

e1f1a3bcf3a1635601adfc5d31cef7c0431835ab53fcfd9939857fb600d0124d00480a2379c9d99ea9c9299716b6e95607c2917fff4e9d00ffaf36d4a97cad4e
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBgnW59XR:RqKB+tOkWKR0iJ0MnW5X

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2810) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	ef977be666beb52edc4421110c4e13c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	ef977be666beb52edc4421110c4e13c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ef977be666beb52edc4421110c4e13c0N.exe

C:\Users\Admin\AppData\Local\Temp\ef977be666beb52edc4421110c4e13c0N.exe
"C:\Users\Admin\AppData\Local\Temp\ef977be666beb52edc4421110c4e13c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
192KB

MD5
996f203f469320af8464568c8b3199c2

SHA1
e478a6008298a9fae4d3c0aecf1fc22db185ddda

SHA256
0a8ca9c0e919494d5345694447b10fe545d260a67ed00d82d733846210b4c818

SHA512
ee9da89cce912acf9545e70f4c4a4842f39ddca6459e76634499f722528fc5112d37492656ad7ba1132bab7a5c199014c8eeac75fe7d530450f1d772c530b092

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
201KB

MD5
3f56d1873b2c4a9afe39bc39724b4f92

SHA1
6f67d6b9c9b9fbb0dfb51a6b32fa92fc54034d5c

SHA256
1647bb519ed4eb63e7475ca7d393fe20280e342244a0d21799e3a0cd13739521

SHA512
bba8392a893d621352f2a5b4c2b4c94a8f229027680989c93e657db5b14f0555fbc8deace55b76005fcfca9cd936cd914fea387f1ca74d0668d4a67714372721

Download Submit