e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 10:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
Size

48KB
MD5

d54aa880e341119ab53fcc22d1b2c680
SHA1

aee78e0d4c8bb95e929c7826689f87054eed5354
SHA256

e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01
SHA512

38c048918f946c7a343519deac40c11e6229d5f626901bb13060ed64fd44959321952d9966e8ff54c25f4005d45ac24c68d7be4b3cb046e1958c90b7c91d5d97
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFZPsFhiXFhioBBB5:W7ZppApBULcfpHLcfpyDZPQqpBBB5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3342) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe

C:\Users\Admin\AppData\Local\Temp\e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe
"C:\Users\Admin\AppData\Local\Temp\e6b5261ab62e9d02107faa584a6419a653233a98ca2e00d04b7aa3ad926c0f01N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
49KB

MD5
b54fca51514e70b6906dac3d1834be3e

SHA1
a9bd95e4993300d47179545a6244abe902e829e7

SHA256
9ed98633cd15150ebfc1e2eb675f62598e8da302ea586800775ae7290278fadb

SHA512
32db38c6740b67d6f9bbe81c5910ee3c3a9afefd1884e56ed648d1752b76ab8e9378f8ea1cf10b55899231a99735468367e9a87c41e65c617ced4651104c1f4d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
5a5931d194092dbcb5c715cb38b640cc

SHA1
6afb40ac1f0bb3dbc2b83c9d020d11b9d1ebe632

SHA256
b05756b141fdffa2a92cd20d874d14474226bc246a894cfeb7303d7b482cdaf2

SHA512
824e45829426c52de6f9fa0b26be576731ea8e0da08ad3020362fad0d421533304ec215b4e42482590d9548ddd6f993e677d74a8a008744a015652fbfa76c2bc

Download Submit