14f8091146b9f07c15d7fce4d16387037561c35b7ada9bb20dfe2c73e1bf7562

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5b62a3d73316b9fb34f32d34d8acb80N.exe
Size

89KB
MD5

e5b62a3d73316b9fb34f32d34d8acb80
SHA1

3483469376667c445a6673cdaf2c88e5de3ceacf
SHA256

14f8091146b9f07c15d7fce4d16387037561c35b7ada9bb20dfe2c73e1bf7562
SHA512

1b142d407fad6fea8823fe208812d3dbc270b06f4cce2c5ce0908b34674aa4aa8580202c097dab1de544854f7837dea010f13573ce26f02af734b82f87eb3324
SSDEEP

768:/7BlpQpARFbhiWb8naOnaBGNB3NIw3NIH+3m0mv:/7ZQpAp/Eaiau3NIw3NI2m0mv

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3122) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	e5b62a3d73316b9fb34f32d34d8acb80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e5b62a3d73316b9fb34f32d34d8acb80N.exe

C:\Users\Admin\AppData\Local\Temp\e5b62a3d73316b9fb34f32d34d8acb80N.exe
"C:\Users\Admin\AppData\Local\Temp\e5b62a3d73316b9fb34f32d34d8acb80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
89KB

MD5
d04b18261e739dddfaea587ce7c7b79f

SHA1
6c8bab94dcc1204f081ce871825222b963e628be

SHA256
8ce7ff0ce6bee44891e9e41a5bcb0a77b27f94cf43b95fb259df978daf1398e3

SHA512
114336df91f711824a7ae07763793d16853d58ee52b67a16ff5486a9dc31aecdaca16cfc5ee23c85befebd9197e6bf244b8b84267c9621a48fc45c94e4db188d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
79a4bcd02371744c5a089e4932211a79

SHA1
7942bc6ed7ccd618c6b8de23cd74ff4fa0ad0877

SHA256
9dc57401b91e2ac882ed9c2e06b0c1c8e78db40997b6660b5fc416cd9a2e0c8d

SHA512
ab3c123a99e03e7e0c2de693f1c8d7ddb72252e4ccf5a0ba9428197906611dd951a6d944403a0fbd1e7870a172c9abf3e82007105d0b5462fd0b93bca10452f1

Download Submit
memory/2176-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2176-70-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download