efebfc794763569a20137151dc174fab07e2f233f2fb3bfdc63b64d9d68dc783

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea34ef95f49ac98e6cba016a47db9240N.exe
Size

83KB
MD5

ea34ef95f49ac98e6cba016a47db9240
SHA1

4d9f15d3f7d3fca614baa147ec7dd9d17edc41c2
SHA256

efebfc794763569a20137151dc174fab07e2f233f2fb3bfdc63b64d9d68dc783
SHA512

6f249fed33f0425e50663ff48f7283056039756ea1595c05fec57580d2242ccc45a628ed4f812b9632e22a254e4f47612072e96669bb8daa7bc7139c28f21517
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eTdsdTTXTs:6e7WpMaxeb0CYJ97lEYNR73e+en

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3090) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	ea34ef95f49ac98e6cba016a47db9240N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea34ef95f49ac98e6cba016a47db9240N.exe

C:\Users\Admin\AppData\Local\Temp\ea34ef95f49ac98e6cba016a47db9240N.exe
"C:\Users\Admin\AppData\Local\Temp\ea34ef95f49ac98e6cba016a47db9240N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
83KB

MD5
dd16002a2a3ebc90601276efc205d09d

SHA1
2dfddf9a34762dae792d2a1b3bee0e7f6ef855fd

SHA256
9b3b7e9c4224897c9753fcdb263081a0798920f5e70dbba9346828c085ab004a

SHA512
f91e258d1a61e61630be0c3abfc16a1bc1a8defba2220e2663bc811bb6908e19f2c90661b972fefe9be57a2e00872ef69ad3723d3ee069ac688f4f8547c25b94

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
b85efa24004d03b51ff8a85a696f07e0

SHA1
88737766634c46a13b32ca3ae68e0b08141975be

SHA256
7f2d1b79a6f93144dbafe3b01b788b41b030a9251ed4d8407233410bc49c716a

SHA512
0e0eaf92b88f35ef69e3dafb6be51f514c416824c2559c88d472c0134b3a4316807e3e3fc798bb3ff2d73eaace3a6fdb14d4a7c04f1b439431a05b1566fceed6

Download Submit