e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
Size

64KB
MD5

425360dccfe019fb714ddf6906b4116b
SHA1

3ce48a4ce5c35ca4bbd3d49cad98887f87918d2d
SHA256

e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00
SHA512

7b7f6a76ed9e12a0b694e8d0cc2089655d198098865630c312fdb1ffb5ec98c595553ef4ee8ff1ad5c5e749dd7d4ebe2bee1493443e2ab390d26687a454f4978
SSDEEP

1536:W7ZppApBULcfpHLcfpX2/Nw/Nwmxmw1we:6pWpBwchcV2Wxmw1we

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3701) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\settings.js.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe

C:\Users\Admin\AppData\Local\Temp\e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe
"C:\Users\Admin\AppData\Local\Temp\e53f22a0c6665987b90642f84f5da54bb45ae7a716c4e7cb8270075cde791c00.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
64KB

MD5
63f559181d18dbb29fa0071c478a415a

SHA1
6e8240b226d215994e056f7044b5154ef0863c32

SHA256
d1a9669f568096d35239485a7eb0ae216fb52f79e77edd74deda5c2d3da83125

SHA512
ec00ab258f8b4ddd004a9f8e528b07f70745ae4b90a51e11c22705dc24d5f1113ea2aaea0ad0b08b5bcb0da0c169aa345bf3eb7ac904a47670cd7d4bf78b3a59

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
c27ef40d82bc0401eb4248e5be6ad6d9

SHA1
605dbcb923b988533390e4c6630e8adcfe1611d6

SHA256
c5329bf907b003b818aa80f8a13b8313cd9d35398eb62035567a9811a0f40b41

SHA512
099e505be4aff8e3a205a4bcb2c87baa9323a2bdbd51576cac3413de3af1c189e93ffb304499dc59a83d4daaa5e81afeff7811cc88c616fc8deaa1e1b9c9f161

Download Submit