cb2d156ce20210c89aa8f0e8c8da3faaff498a12c979515da3b3eb5922005955

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 19:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2eb6f0966c771e8b9333377ceda00eb0N.exe
Size

58KB
MD5

2eb6f0966c771e8b9333377ceda00eb0
SHA1

7bbbb65d9dd7fdf97dcdf1bdb9d4fef73e62eb5d
SHA256

cb2d156ce20210c89aa8f0e8c8da3faaff498a12c979515da3b3eb5922005955
SHA512

ae004b279a9907cce2323f15b1a41bbe138dafc850cd3a5f1c172d06947928b2c45fedb2ee338e6b752ff92703f976031d67b08106cf388d23f55a1dc6b7ae96
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nyQG+QGs4U5W5Q:W7ZNLpApCZrt8PWGoPWGANdNyky4GIQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3348) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\PushPop.scf.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	2eb6f0966c771e8b9333377ceda00eb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2eb6f0966c771e8b9333377ceda00eb0N.exe

C:\Users\Admin\AppData\Local\Temp\2eb6f0966c771e8b9333377ceda00eb0N.exe
"C:\Users\Admin\AppData\Local\Temp\2eb6f0966c771e8b9333377ceda00eb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
58KB

MD5
004011ee0f246338b7bd4e0696f0be87

SHA1
f6dfc90e6a9d0729d00fb2925c143d4c6fbb0aae

SHA256
3d1947d13930d59c4a1c1d594f8be6d32b54e012b39daee3d55bd701de05c5d9

SHA512
8355f1879b37f3f923d2afa422e16bb46b3359498def62d9572ab8c7559b0012d39d0b5746319cbe5d29b23bf289c78f941299fbeabddf90735a7919958b9806

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
6f62af761a3f71408c7c46393fcf21f7

SHA1
71ebb570b2b65d2aff301d50679073c75dc1bacd

SHA256
94bfb1226f4813ad97a016ec1404334246af3a23baf236a6547d592973231f9a

SHA512
9dbf905e963fee54aef665ebcf14925de0a456058693b7a598a5dc347602f1e1f5dd745de72dfaee81b68dad49635d11fdaf39fe091a4ad3cec122e0f7e07865

Download Submit