eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662d

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
Size

53KB
MD5

e77514231aa20666aca5d1bd34b4cfa0
SHA1

a6c97b6ac497ccc3180e11f1dd7a6fb5cf6fd92d
SHA256

eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662d
SHA512

43478d37a23edfaafc9cd2de40f9459eb93bf033e29b00b63a3dcbfbbefed43d22485742f412b20d5e461f8f7ddad2be7c42203a1e32051db68702d8d5ba25c9
SSDEEP

768:p7BlphA7dASbSLJJBZBZaOAOIB3jM2jMO/vY6mYHV5gLJAbHV5gLJAD:p7ZhA7dAxJJB7LD2I2IGYoND

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe

C:\Users\Admin\AppData\Local\Temp\eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe
"C:\Users\Admin\AppData\Local\Temp\eb9eae02609b18f0df4bbc65bdf1a3cb88c0d39d64a8bd69eac2b09a1789662dN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
53KB

MD5
081ddc2b3a936209d64700bf8a2f0515

SHA1
0cff0756ddba33e8feb2ae6d44e8348e17c72876

SHA256
4a5a46ef0b61790dbcd7356b7bff50cede6fd8230aa57da7aef1dcd90c6f5e4f

SHA512
084813bb2c1120c5dff04edd9755973481c0308626ba6d43f2ccf119e9c622daa44a4f2c5d0fd7cc0024c29d5e2afee822da5cf4b5839545aa1b690a6c75717b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
6e5c6bb0813a740911e7d136a28d8bd2

SHA1
f386484c4632b884b50805b77dc6a29f2ac5741d

SHA256
26df3b0bed229871a7a498f28c1d0896ee7fb7a495ae6ca992899816a8af0591

SHA512
dc2f39c85a5d441e9c24a9ae0e57764ae621b24725b1615dabdb94d41b27cf16be4fe58c904217226aefbbff9fc6d0713b27a48f3397e673ee9c7153f9ef0b36

Download Submit