b402b27525c4d0d9384e00bba8d508d7a9a0701720f26f11d5b8d9b5f742c915

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebc785702db2ae2896e0ca294bd30f80N.exe
Size

106KB
MD5

ebc785702db2ae2896e0ca294bd30f80
SHA1

3e7b53cde4941da034935fe984b8ceebce6bd16e
SHA256

b402b27525c4d0d9384e00bba8d508d7a9a0701720f26f11d5b8d9b5f742c915
SHA512

4af894cd515eadf763f7c89c7679f234e17d84ff8f34d09478bb8c32493d204af8da0d978f2e0a95ebbf420b6d5c492ac1ac192f9a8bb8dcdc1b807a9889d128
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7fE:RqKvb0CYJ973e+eKZOf7fE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2962) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	ebc785702db2ae2896e0ca294bd30f80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ebc785702db2ae2896e0ca294bd30f80N.exe

C:\Users\Admin\AppData\Local\Temp\ebc785702db2ae2896e0ca294bd30f80N.exe
"C:\Users\Admin\AppData\Local\Temp\ebc785702db2ae2896e0ca294bd30f80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
106KB

MD5
e07a137c060b97f9fb691c5025a21fa3

SHA1
7bdcd07df3c44969fdb350e8a82d975eddd4d67f

SHA256
bbf95f317ee16afb819f74d74f8a8fe401f1461259e64ba8f193c66e835fe5dc

SHA512
525b34735f2a9b05813ca6fc9ee2c848aea5d994f63d70297404f9592b540aebf400965950e2ca50126fb4ca1cd9931f2235f878b15c4d0aaf6a37bf5eeef515

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
115KB

MD5
e8b6263c6fe874780b65fe9fb9064a3b

SHA1
a2d0ab8627a2b60e908b9bc2ee36053e02efa22b

SHA256
5358b2c942b32c403daf7952f374eb518a7076b9cf64cff43c7571bd17a98bf3

SHA512
7e6365fd606f3dbb9fe3b488d8fe6f153d38d5f26119f0e3b421bbb3ca3906157068dbe3f3e8ce817a31fa6c0266140e1b62162c0200754262e0f98b200ff528

Download Submit