e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 06:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
Size

37KB
MD5

4c307bfbf33c640f826a03d0a1c87700
SHA1

8b9f563ba5cb3f8ecec35b24f268fe93ae7ee6a9
SHA256

e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148
SHA512

adcd1b107edeaa02d39b1e6d3ae5217f6dd65264095c4404082c31e26b212ee25ec48a02cbaa7df69e148edf4ca046330bef7ae12e3f9887e13d31bf52d0773b
SSDEEP

384:GBt7Br5xjLfAgA71FbhvtPc8fqAZ353aZ353Sl:W7BlpDpARFbhN353e353G

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3400) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe

C:\Users\Admin\AppData\Local\Temp\e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe
"C:\Users\Admin\AppData\Local\Temp\e7e7580a98a7da18276d08a953eb2ea95c57b34d09fabe25e309d054f7459148N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
38KB

MD5
391656f487bf659fd9172ed5bc947b0f

SHA1
8b590b729695f7dd35eb3cf1e2e85c53c05ace41

SHA256
4bc64c0b621b7a419e3f9ed9d52ec3f17ec4eac04a60abdf3d8df9119107b851

SHA512
366c0ec6516df46f0d55edca72cb490a24607f164c9f9a957e4140b17731f656e5832a705d9f70175f60962218555b4d4b0b9d3bfbb4824b2e0c76be76fc5ac7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
9a72f6f15d5010fb5ec706db953dcb0e

SHA1
ccd612edcd3405a6d604ea24325aff418b47f21a

SHA256
6da804e912830ed79c6bd000454f5f77692a9a516a3bba12b0a5ebb1f4301675

SHA512
0a128b6913134a5ac64d1117a68087de525eb9902d9815c52668e2ebea1a6e5626d3a737b3e60c706871e2d515a04643f667158c88028356092bb0bd124dc87c

Download Submit