e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
Size

43KB
MD5

854e354f85ce92cc623c4de1c2239240
SHA1

756c1b3f2cb9c3c84e1307c54561c630802dc4cd
SHA256

e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2
SHA512

93ccb3a9fedb6138673142f449d989b03bbea507f78dd206977a5d98fe68e7f5e795f66c79057ef1ac506f67add05c48e8548ca7144fd2fe54402f7eb9ff3d82
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNF2B5dB5y:W7ZppApBULcfpHLcfpyD2jdjy

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe

C:\Users\Admin\AppData\Local\Temp\e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe
"C:\Users\Admin\AppData\Local\Temp\e6ce1548be3959ca8d55269aa7b7ccd52d2b258ab389adc74c602125f165a8a2N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
44KB

MD5
d49c8eed2ecbf17edbc3dc32a462ab19

SHA1
cbb376e700e8f7a563b67a1e405d87d7ec078b5a

SHA256
1c2f47578335b0299f130f4ad5683b3108eae0a3d14e19def9268c6c606bedd1

SHA512
5c1c93567dca0eef65f198b662358bf70238b2135d6f41ecacacc2fe6c4574cf05a3a6b7b8ae7161880b3170885c3f02cbab3320a5d307320b1eaf1ef9244cc4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
61340f71e429c5fdc2028325d69d4807

SHA1
fbfbbee39884a9e26ad96c692badad7eb042e00d

SHA256
860305348d1032e5a5b947077e6e1fd03cc12cc2936e6353db885b6119e87041

SHA512
d122ec5c5652f9948c618cb12018f6f4ec8c12f53d19d9d0bc8f43d5deeb1fd9b88201d5c47c197b1fc7688813c57aff977d36f48c5e7c704cc8b55a07860d03

Download Submit