e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856

Analysis

max time kernel
120s
max time network
21s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
Size

88KB
MD5

2e5924d839eb2fb9166b7d25131d1210
SHA1

373c9a8a544d5a3a1b174ce25521b6df338a4233
SHA256

e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856
SHA512

f8867e0683843b780c9a0884c0c15f36da5b77638234a67fcf3998c270f754f47cb82839843368880eefb917f9cbff1633257e6233eb4767ab869409decb56bd
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKgg0///x9zKI:69WpQE0zxg4nd

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2847) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\CopyUnlock.cr2.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe

C:\Users\Admin\AppData\Local\Temp\e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe
"C:\Users\Admin\AppData\Local\Temp\e0f1b3f44b2bd3e144f1d50dd49a2f912c223a6a700c350f3dbe9968b4012856N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
88KB

MD5
a0be1f75ef95bf8c84c3cb1c839a0e3f

SHA1
390aa54c7e0f6ca6e897387bb10954f9bb49813d

SHA256
ac6d10589076e0e6b276dd404913030ac90a6d50633b43217c5dcf742247bda6

SHA512
e0c59fca1d82d5b645fe1cb0dbc1d619f762cde3dd6550b58b434e2912425685a22164bb5ff0491fc4eec8c8b6602119db126c6cec249732f9c7a0196e97884b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
9d9b6eeb4c47caa310a57620d764d733

SHA1
e308c74262a4de22485a2a5d70b1fd5b8e39a0dd

SHA256
dd8f342d955dce2447c690e1c7d7933140a53677c266bc8839a93c552c466e73

SHA512
247871d717a47b2b9b0ecd9240cf6af2eded39712f522e48f9420b4865c16cfc77f7a5d72795da2b4468b532dd089f74978869d014373da4f63ddbf871dca518

Download Submit