efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
Size

40KB
MD5

82f26e636206e8ff5eaa0a745935ca60
SHA1

8701fbf9883e0422c459372aaed01560d582f9e0
SHA256

efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38
SHA512

cacfebc960a95828cfa9c6616d48e145330c3a3e24d9b491c0a426db1fe89edd31f649b366668b8f349c3e77147ade78b0de8afb400bae094f96bdfd269b9e97
SSDEEP

384:GBt7Br5xjL9A7AgA71FbhvnwR/s4Nkq81LOyq81LOUqKqeU/v8MvQ:W7BlphA7pARFbhM0Kkq81LOyq81LObpQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe

C:\Users\Admin\AppData\Local\Temp\efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe
"C:\Users\Admin\AppData\Local\Temp\efedb16f62b64444e9e9b7f03762b8b6ab847b837cca3a40234b8fd701dd5f38N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
41KB

MD5
da2fa36c7d3ecbe7d0988b14e0374489

SHA1
7baac60e84d3a3bc6ec6942a42f54b584728d674

SHA256
01afc9b66a7719e3b0b38bf79c54e0477cd03a7b3025d33a0a049a6b36971c6c

SHA512
b77884eaa854862a486198a957025d560147b0dafec261dca33da4c77632f6c2604d66b8c3cf9293194a28a3625fc0129f6857120383a621f6c6038c3b7a8d6d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
9d28e6d4f8dabfb727cd339566f8c343

SHA1
4720d5a02d8c33c5de88e19e7e776243d3948ce5

SHA256
9aef09d496b18307d368045237525b1573bf327a0386265a51eb455d6ef3b617

SHA512
52724f831181604f2130db570a7da1561ee301a593a89166f9f052e725daa017113ae2e8cb445a2044a7bbf151251192f0934a928924b8733b0f2fcbec7635a1

Download Submit