e15e7fc70a4e57b6e95cce5ae6495a9d9cc08da28509966077d59688f9b03515

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025c3e03a29cb23b61b58792c95dfb0N.exe
Size

44KB
MD5

2025c3e03a29cb23b61b58792c95dfb0
SHA1

24d7e83d36f5bfd915baec364f62a0142d36da27
SHA256

e15e7fc70a4e57b6e95cce5ae6495a9d9cc08da28509966077d59688f9b03515
SHA512

ff94d2a9d34c99af8fb8592e4e7d9de12c38e67b99d12ba7427ba404b8da54a8d2488027725094b16fa46b8e84d5b31a0f3c03a9a22616f8d8970fb65903d229
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5n4fZ9Z34fZ9Z0:W7ZhA7pApM21LOA1LOrtkpt60

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3319) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libmmdevice_plugin.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	2025c3e03a29cb23b61b58792c95dfb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025c3e03a29cb23b61b58792c95dfb0N.exe

C:\Users\Admin\AppData\Local\Temp\2025c3e03a29cb23b61b58792c95dfb0N.exe
"C:\Users\Admin\AppData\Local\Temp\2025c3e03a29cb23b61b58792c95dfb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
44KB

MD5
4c17c2821016461a1ff8e2b9916be672

SHA1
1b669a922cee09a44fd40a33c63f4b3ec571b8ab

SHA256
cffbb9f9395edc1709bca50d62843070243f8c0a76f6acc164dac0bcb118efad

SHA512
f84a18533cc8a9094ac263e4ccc25f95b48cf6cbfd48cf371566560b1fcf44e2f2ff2ea0a2b6fd88f8ab1efbd224cf24c33a58c0754a09b25c59310fc53644d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
f2c8589b27211e5c1fe2279454eb04ad

SHA1
9a50f33bb359ace4214bf736dfe5e247411aa6e2

SHA256
ce5d83a05e454656f4de5d1287acbb119e1b06d42362f78b5e0d81550a5d3dd4

SHA512
783dd04d40c215f2d786b0aed973014b4d535a8b26857107b34f25dd1183e34fafe70a74139812baf61d1dfea253d166b3b3d6acc19357a621b3c2bb3d584f64

Download Submit