e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
Size

51KB
MD5

8bad9f43cf8e5096fc32b51b654fcdc0
SHA1

b017936a5ca256363d0839858de546fb34edb56c
SHA256

e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7
SHA512

dc4499276170c254763d97b4dd2e9988723821966bf304ce19da095b829cc57f23b5664c60b773e5087b4afff0e58910cac2587e9557d9a03d2d0250647d3f20
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lz/g6sHzcXHzcC3OTHTKwJ:W7ZhA7pApM21LOA1LOl6l6YzqzV33wJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3740) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.HLP.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\WPGIMP32.FLT.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe

C:\Users\Admin\AppData\Local\Temp\e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe
"C:\Users\Admin\AppData\Local\Temp\e89e9083b960689d748af36cccf97651b7b45a9fd109fa613c94aee8b3c138e7N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
52KB

MD5
424601d15169553afadbcfb36b0a6186

SHA1
056c4b25accc2955ba3c2ca19f4cb72fb5dd27aa

SHA256
03b50cc4917654385826d86dbf371b9a270c9034cb2a7934f56fe1b51a5f3b6e

SHA512
1f9b8d51f0421ca6570c26b20a3a0965dd44f00d0006301def24fb3bf570cc132d3654edb1763303a5525b69923df6c3bbd1a28208998140688a5e799c44a15e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
64daa6199094e36c480f301bb3bbecaf

SHA1
5aa9d1927786bf5107ae73a847b226b8b6c944ac

SHA256
933f68ca28c9ff27a50b90f1f8b645b0ac81f359d0bcd49416fcf25f38bc32e5

SHA512
7468c988338c3d34a0065e08a8c02c0489566af5c70c87ef05f66a52d88a250888741da86d07bf0d7c8d07e487990b112f420a2b301ba575440cba02d6f1569c

Download Submit