ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8b

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
Size

46KB
MD5

42d8eff302dbc8358feb4d787a19bf10
SHA1

13a11a84b2dc6261ab0bf10c792b81cd0ee3426f
SHA256

ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8b
SHA512

41495dac38a6c545cb98fb86835ab66e32fd6a06054189354f105ee0db487e336553b2d575a0ce764707a375270001787d769b5a154f738de69f58be06022f79
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJilqGelqG4K66CPK66Cux:/7BlpQpARFbhq1KtGFGxNCSNC4

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\release.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe

C:\Users\Admin\AppData\Local\Temp\ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe
"C:\Users\Admin\AppData\Local\Temp\ed880631e82fba13a8cff968cd177708dcd3ddbe9e315a7d7440eb9c7ac8be8bN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
46KB

MD5
61a043017207efb4ae11e821b0a0382b

SHA1
7f218f728626ba9b03cdb710d8a7af46aef0dae0

SHA256
dd16731a3d39154042bcd988153e732633567049205103c9f741a55e2a21af50

SHA512
45eded3b54292e1e81ebf55d5d74931eff2f50349351953d65523af889cfd1b365706c966c31bc710639484802ed7de72cb2e5823a99de3b7b8c28c1711db05d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
5d4f0700b79c57e877397cb4f18fd42f

SHA1
36f8e846374d95603882752f6a49f52c9fc18aab

SHA256
ef880045fb5f8d1a304d9dddc1135166a40b4601b7dbf322f4fc5dd17ffc3b38

SHA512
27f4f85d670eef8f57b07aef47c7a75f85d272798d2fddb717d492ca2431ed957a7dd9f51499eb7ee395873412911c6128397821d24d3a9065019aad37955cdf

Download Submit
memory/2296-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2296-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download