efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
Size

49KB
MD5

65ce0ea32def27c198744b9bdedd6e54
SHA1

7a411f05f6a7cc078e51c842adc09e2305178918
SHA256

efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e
SHA512

f33ce8b063703eca1178510acd2022b9bf653b92b9360e8ffe7aa02f4e26be8fb4a2b58329589a2dcdbc2610e7a949460dd76961f3caf07178645031a39d3da8
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLcX4pNX4pRbx:W7ZppApBULcfpHLcfpyDgpupH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3785) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html.tmp	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe

C:\Users\Admin\AppData\Local\Temp\efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe
"C:\Users\Admin\AppData\Local\Temp\efe79f67459c8ff935ad6408d64b72d3e6c4646703f7357b11b82cd6a7b8236e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
49KB

MD5
ac629bca0f425d15499ac8e8a50ef6b6

SHA1
fbf98c088baee280edab04844db8939072f43ee8

SHA256
10dc3baa3f8e71a63f90f572d22f161b16cbd4a4064ed9df94e41c0e123dc716

SHA512
91b37b5a769a694c9a9c95baee2f7614ad093d30cd94d825c66a2a34c151821b0d4681b4721413f8dfd32418dfdc83dcb181f9ff2cfedabcf36e37aaaf884625

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
08e3529fcc467d1c0dd0cf0cb6b4f218

SHA1
4e9e690a2e2b44e67ffd0318ec2834b734501a83

SHA256
9dce21cf4aede3f47aaed12bf4baf2370fe3b2657979a6b3840cdf4d761c8797

SHA512
5e6f42408841fa61022a440544403ec2dd8ef20954e13255991b1c36690ff16ebc73300797522d68c09337244d3e199d39f7846de219b1f0ac62d4bb981bea4a

Download Submit