94b6c55f0f4ea1e09eb2294ba593000b808faa8538221d07d4c872ad8b136652

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e46a9625474b1ab09365dcf51b22b3c0N.exe
Size

71KB
MD5

e46a9625474b1ab09365dcf51b22b3c0
SHA1

d15d5ca5044f4fcf76859a7a1547a96dca65244b
SHA256

94b6c55f0f4ea1e09eb2294ba593000b808faa8538221d07d4c872ad8b136652
SHA512

20bcd8f8a69526232ce033d43c38daae7ba62e98cb4b83936fde943d03a26f717e5348bad90cd6990c321e671a7556406829614ab5767aaf2ed3008a0402aa54
SSDEEP

1536:W7ZDpApYbVK4vx4PN54PN4OHepOHeZSBT:6DWp7WJT

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2943) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\EnableUninstall.odt.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\RequestPop.ods.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	e46a9625474b1ab09365dcf51b22b3c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e46a9625474b1ab09365dcf51b22b3c0N.exe

C:\Users\Admin\AppData\Local\Temp\e46a9625474b1ab09365dcf51b22b3c0N.exe
"C:\Users\Admin\AppData\Local\Temp\e46a9625474b1ab09365dcf51b22b3c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
71KB

MD5
0a5164e546a5a488adbbf98d0f92fec5

SHA1
e8e25b5c4b679ed2ee9fc975ab8d9cf5e153d925

SHA256
99b926056c86d77e9e306796bc05922b6c41ae6a1894c58e568490cdfa943c45

SHA512
50f67e743d1c32a73785dab49ffc0b1a0c3b33b30cd6c3fe243db7ca7a8fd4a1e39da55e4e12d7118d4bb16baf120d4041cbb426b2c60aec9369534372598575

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
0b3de8b669681862ca4474235a46d011

SHA1
8014561e758c2016de0c2eee859b1e0e5743b338

SHA256
44b4bb21a44cf1db0330bd46d4f6ae61ea2b0ed121008f6d405951cd5ff6f833

SHA512
b37db1811fe5ca22ff9ae581a2237ddcc315ee67fedd23ffbb7fb3c3f6b4d9c9c5ec2bc735b4d05825d0ae2c179b56c37652d3b1ba780b21b9fe00b4d86e79d7

Download Submit