1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1e

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
Size

146KB
MD5

e3c361bb249153b3cb0e4fd990ef5840
SHA1

df672d0a42357791313b2c0e516924f19b3dbae2
SHA256

1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1e
SHA512

599d798a28dd1a43a585e642fb10a3997ff1914b1b536eb57983b6857220703d45e83580c2796e417e54c1bbe43e68dd52247ea0c958423aa6fa31e91f10e58f
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6Sh1XtkkkkkkkkkuC+2fraAmtQHyiNueOyAB5+0YJb:6DWpAoOhQSicJgyybxYm

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2854) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe

C:\Users\Admin\AppData\Local\Temp\1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe
"C:\Users\Admin\AppData\Local\Temp\1e1c2668ee7fe86862d4c87d4790626c93915a54891d832529f45724901f0b1eN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
146KB

MD5
7d6453806a5809e52c39fe7469f7aa34

SHA1
9ed89ec6d740d511bfc3be7446f24a1edd428e2f

SHA256
887d6f43ec631845386234feb3e34117555556b67c88d8131311878de3b04e75

SHA512
7ae5967de456a7dfc193885fa4baee55ca0f24c3952f4a18dbebfd6b98dee0bab066b2e653981bb11b9513a9f54cb7ddec1d6fab429b3b895436c5cef3b0e0b7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
155KB

MD5
8f2c829dd1d60677306ed09065b8ab50

SHA1
9068a662e84fd53c427ae1d9700cf88344968662

SHA256
90a16d968028fb367d59f4f253a3ce48fd6e3f1898e52775b8e5ddcd3e995a06

SHA512
eabb024f4061c1efb6bce8d14579f758ebca4815d84cfd347aa4598fabb63b020ade448e9eb9df90d7b1fe9a38f8f39aacf83b3cf23b8f29e476e449f63b6df7

Download Submit