e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
Size

45KB
MD5

a0a3d1772ec7c5a236fcfe0622419230
SHA1

c03fe9b82fe41ebb1837b134ac06663ab8e954fb
SHA256

e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af
SHA512

8c6e03304a8b251e304dbdcfde98733f6f1930ae8f30657c7025b92c65fb4c690bf88b19c2c51f9a2b7e047fc7bcb6ec963820d5268e1b3587251904b918bc88
SSDEEP

384:yBs7Br5xjL8AgA71Fbhvg0U0Q0U0QW+xDx6:/7BlpQpARFbhIn7nhW+Rs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3743) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\FindRevoke.7z.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe

C:\Users\Admin\AppData\Local\Temp\e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe
"C:\Users\Admin\AppData\Local\Temp\e9d57792c25439d5bf5e268ed36a747e5883e0085d438f7e31fefdcb15f078af.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
46KB

MD5
60af358bdcceacc75c59af4139ce7b32

SHA1
ff17b78de5da96678ada559306b09c1dc700c182

SHA256
87885dc72a6628496810cb080eae147d7e488050954f43498d0f9531cde9f072

SHA512
c83d8dcf8daaf0c4e7f393459e605a4e1772d233c2f7a4451a8a1c3ccd5f0aad76021be5fdeb9c0970391d4db56eaadecd05d320bc78cc07b2030cb03dbe9d98

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
f2b2524aeab81fa7dc4c86076f09f598

SHA1
b8201f09f1867ff5a45411480a992cd154aab67d

SHA256
6bd36a466aa1e717fafa6d63483917a77395169fe668bc212992b8fbe7335ee0

SHA512
35638b824d35bf09dd3d437285d3c5a6a20d4b486c04b2f709f8fec2c103a93c94360d9a9bd126cef8786899677900c69aac8df9e41f946ea8293c255c72cb00

Download Submit
memory/2432-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2432-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download