e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 04:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
Size

42KB
MD5

5a498910765185915b71c3e0fc233a0c
SHA1

476c954e804c239786407a5a4a585728fc3f2750
SHA256

e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632
SHA512

548e71cbe408ac1873e6851f8a3a5c96e49c2681a430f89074491e19aa9d7cecdcb3efb761950cc7eb30c8ba4cda1ef732c0ed9fcd14d4eaffa1479c0409c80e
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LObC8p8f+Y:W7ZhA7pApM21LOA1LO8

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3813) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Defender\MpSvc.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.msi.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe

C:\Users\Admin\AppData\Local\Temp\e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe
"C:\Users\Admin\AppData\Local\Temp\e64a3dbebcc3a258c6b0bcec05c542e2047dea7616ec1c61b85401e6bdb46632.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
43KB

MD5
fcee05a9be6038dc68738c7c81383c60

SHA1
f3b50215075517e4974643d01a10b0cfca43856d

SHA256
08ce5bf8cae06715b0a43816921c4e840bdd44ce5782ebcb3a04c693454f3137

SHA512
981418848d7e1e140eaa6652eefec4552b8d8572710185d5c27650cf823095d6ea39adefa9d6f06e9e08cf0f3b41f1533a51630ce45ffa6dd251a8246d1dcc98

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
add24bda7735a3c8e6f8a4acf038e56f

SHA1
7f1ddc5e32af03f1f2a4a0d0ebed01d08d84e2ac

SHA256
5443b23e9cd90c78430f470566a420c034a3507db8af28bc16970f8f0fc03103

SHA512
a575cd3758a08e32a2438a8156f47330e797da837a0f3139715670e8bb251dc1af342aa29696e4a3818f6102def949d74439bdac36a9afdcb80b8ce76dca2dc6

Download Submit