e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
Size

106KB
MD5

54cb13599d967c59ca26d64ba88dc515
SHA1

a7f68a9bb1538d3af1e5581b68479d6cdaaa3a0a
SHA256

e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25
SHA512

d6ee789ccd537237ddbd9319380d2b4ed6f1bf38570e21449366350a54226e9b0e3efcff32c39491da56060c1fe3180eb9280bfd7711b9b89027681852c6b22a
SSDEEP

1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggEpVp+ESIXosbosz1i:6e7WpHIyRF9ESWu0SWuDmmSIjX8

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\RSSFeeds.css.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe

C:\Users\Admin\AppData\Local\Temp\e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe
"C:\Users\Admin\AppData\Local\Temp\e63913910606dfe4a9b2bfd872902141b24cde316fde3b0954a7c4003e90bb25.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
106KB

MD5
0ad88ab66191214003d9e42a4094b901

SHA1
77c559de1705f30f70fbc454b226904499ca12f3

SHA256
3779547810cc67ae34a29aaf6d7171c3a550a31c1664acda6b621b257e3f5e7b

SHA512
7321c43f35dd58721e27064818e107f5503e9b7491037c6a08065617a2f2e97c0cc5fd2b850dc40388f656149dd3a8e014a765294abccbaed85a4071debfb4d9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
115KB

MD5
f6e3b65e4965b6c8e259cec1d6068ecc

SHA1
91378c11a0e433750cea6064f27de88285266dbd

SHA256
e649e2ed223f53f621944219b9ff80cdd9017c024b4bee121ece0c4bea15e75d

SHA512
9fc05ec6dfdcc2237936227d81d4d345237bb37943c0db399e72557c056d7b73a9222207c9e3bbe38ea18cee36e34d3f7b1438acc7a65141ce345246b83facc9

Download Submit