e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
Size

42KB
MD5

47ca3e27df241b211eaf42bc68ce681a
SHA1

2a233f6f4d8bfdfa1355e4dbb23b679145f72ea5
SHA256

e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0
SHA512

f5fd2aaca24cafe775f3ae4c5d4699e1a756357a217b2e56e952f040e4f1b090499d7d90fb21ee4c6c552460d182ed92f20068fbb846211eeda2742f28fc5f9c
SSDEEP

384:yBs7Br5xjL8AgA71Fbhv/FzzwzDojo4jZj8:/7BlpQpARFbhNIDojop

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3776) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\MovePop.ram.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\it-IT\sbdrop.dll.mui.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe

C:\Users\Admin\AppData\Local\Temp\e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe
"C:\Users\Admin\AppData\Local\Temp\e787f703d877b9aa0c7724fcc5d6d996c0c152f0e553e22d1e6c61429b1178f0.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
42KB

MD5
82487ec63295fbfd8f547a1dc38fb640

SHA1
17ae2d71bbd893e254270a0dc18c687aa8f92dc6

SHA256
9bfb1394766dcdf4117898f7aee6de0adbc1a0e711f8bdafe98bec6c61322e1b

SHA512
f6d3508e51da45d78b9b3401c9788739fae0379d54edc15ad97ee7fd0252c65f6d9219da40a82ac764414c953b78f013014b47b733b6baeaba24e814c3b30357

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
f4f93a4e78f4986517abe97a4f30b1a0

SHA1
bb66f397167b08eeb0a457541de7ac9830ccf32b

SHA256
b2be0b9a82466723fd32fb4a88a07af3e5c74944a403f06a22e88e4cf2fa7549

SHA512
f2389ec04822fe05925c475e922e069f47b8dbc234a71c5ab32c5d87e40e3cd0862a3d8207c9d746f982c6358170224aa5f277e080dc37cf93b2742cd369e597

Download Submit
memory/2988-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2988-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download