16a3b2cc561901c84086c2b890f6cb4c18331b2d65baf6b552fd669513a98c06

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebc7eec66bda908c7cd04e1c6000c880N.exe
Size

56KB
MD5

ebc7eec66bda908c7cd04e1c6000c880
SHA1

672d8adb34c45294347c1b3645354311ca9caa6a
SHA256

16a3b2cc561901c84086c2b890f6cb4c18331b2d65baf6b552fd669513a98c06
SHA512

76ad26305b7998f2afd88e18861753e712fdce60dbf75c5dc4522d99ed77319f8ce6a2c5d98e98f231e9c7713b2ea00d1dce4459a86a386212f55a47d3df060a
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7lSKSW7afHFCSW7afHF4NhZ8bwhZ8bz:W7ZhA7pApw03vR03vxSKSWu0SWuG76

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2928) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\ConnectUpdate.css.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	ebc7eec66bda908c7cd04e1c6000c880N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ebc7eec66bda908c7cd04e1c6000c880N.exe

C:\Users\Admin\AppData\Local\Temp\ebc7eec66bda908c7cd04e1c6000c880N.exe
"C:\Users\Admin\AppData\Local\Temp\ebc7eec66bda908c7cd04e1c6000c880N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
57KB

MD5
3d960f05ca1ef79cbe010249088ae266

SHA1
04b3829d7f57483f8948272b4e28332c2d6eb0ee

SHA256
0bf4651ea94ab7dbf5b86280832689e266424dc1d4dbd4acb31255df5e0dd88b

SHA512
dbc72449d34d3c685292eca0723a0db49440d2b3eafe0713a6a14e1bbfe68e55c8f65d4d24ae8ddbf739979fa8631d50d07c76e290fc659b243294881c766d3f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
d3ca02b33348d2156f7eb9709f8a53df

SHA1
85c18b761baae6fcc131d2b0917881599b6e8654

SHA256
c04d24010688ab8663b28d3a6351a1a157682c1973c28972e054c1d5faec2598

SHA512
7f0d81b455e0345cd53ccbf2e2c5796c4cb096767e6af20b2832703d4f20b7b510cc74ad2920ba1b4c6fa64826fd41ba78fe6492cb226fd2a341acc4b795ae00

Download Submit