ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 09:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
Size

33KB
MD5

8a31a86065359e4a3fe87e0fb95b2370
SHA1

23e371ed35028d446b7cacb3401a4ab7516b7725
SHA256

ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683
SHA512

cad9cfc6ddc17568b50ce6c27584b68bfac3e8e68eac80c526cbd39ead6854b0ad928666ee852b9a90620be6a416edaf8dda8497e9ac060d42d4f8bbfc9b2c74
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhv3KueKudLl++K8e1:W7BlpppARFbhjbhPKueKudLw1j

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3208) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe

C:\Users\Admin\AppData\Local\Temp\ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe
"C:\Users\Admin\AppData\Local\Temp\ebf09e3ed108a110c2e76e7c4651a99a17e5664b960b97f78a6ff17c64bd3683N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
34KB

MD5
185c4c23ea625837a98165c6db88d0b5

SHA1
7795d36845b18e924373d530fe7ad53f6b6f1d8f

SHA256
67db43f81d79d14f9e6b428e586d546a30b8892a04719d763f760341fe0c24fb

SHA512
4207a4f6e596e76f8f106b90d6bd725c930c2758e610d833cbd12df60bc4f5b52e275917016b2f1269260fac18030ac06e029f52cf3ed7f6dd4ba5d6a973c5ca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
43KB

MD5
218d40eade5a519f1aa2ffe0c69f87ac

SHA1
c08c5b38a03040d9c0199a3ec226936b231cedf1

SHA256
986a2f64d26ed8137605288a577357292d538c58d80edb767d884920693fa21c

SHA512
4fed6806074d4128416c35e284e7584cb2b80a9c544f664a01b520d5becea7452c9bcbaba99e3ffa9f63e468de404600857b7038fb3f1e1e8e96942ba565a09e

Download Submit