Analysis
-
max time kernel
120s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
21-08-2024 20:31
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ebc7eec66bda908c7cd04e1c6000c880N.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
ebc7eec66bda908c7cd04e1c6000c880N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
ebc7eec66bda908c7cd04e1c6000c880N.exe
-
Size
56KB
-
MD5
ebc7eec66bda908c7cd04e1c6000c880
-
SHA1
672d8adb34c45294347c1b3645354311ca9caa6a
-
SHA256
16a3b2cc561901c84086c2b890f6cb4c18331b2d65baf6b552fd669513a98c06
-
SHA512
76ad26305b7998f2afd88e18861753e712fdce60dbf75c5dc4522d99ed77319f8ce6a2c5d98e98f231e9c7713b2ea00d1dce4459a86a386212f55a47d3df060a
-
SSDEEP
768:W7BlphA7pARFbhL801VvM801Vvv7lSKSW7afHFCSW7afHF4NhZ8bwhZ8bz:W7ZhA7pApw03vR03vxSKSWu0SWuG76
Score
9/10
Malware Config
Signatures
-
Renames multiple (4637) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Common Files\System\ado\msado60.tlb.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.tmp ebc7eec66bda908c7cd04e1c6000c880N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ebc7eec66bda908c7cd04e1c6000c880N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD53d31f25f8f7d1ca442987e89bb919ac1
SHA1a741c21d3dbf52bd16fee7fff9b8195512807592
SHA256587b0ab2da49e438583908f8266d7d8968ae92cabcf483926f660439594b887f
SHA5121f76152655ec0080f1c0b5200a2c94c3b08f744bb27e54f36adb9896cb9dcabc83346233f3287ea478186048873d1e0fdb9c32192cfe7355ae571b4423147f6e
-
Filesize
155KB
MD5430b0d422ed7e1e25fbafe00568bfb13
SHA1dc3d6bbe6ada1451070c4f29886cbc043d09ca5f
SHA2561982bf51af30e0f633537d2dfa30778b012f1ca52b08a283f4f9e84c1f4e6ee6
SHA5124e0a761c20d7c735176611dc221a15b6a17db9569c2146ef0eacdaba5322deee78b1f95f76336f40405320c90f0201fe5b3c6f73af33f6e2638d592198a006b8