eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1

Analysis

max time kernel
139s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
Size

62KB
MD5

5afb68ee7cc4d421ca318acca8fe8a5c
SHA1

f67049b49a72d0277db17a6f70152e9e4027be52
SHA256

eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1
SHA512

badc24f9e3a6bb340e00a6a2c737522a1ccc78cbdd2afa71cd743aa173f146cfeb2092af297d6247c120939ca851b8d2c0aa1dd9009c1db9d12ba6213a526bcf
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meD1:/7ZQpApze+eJfFpsJOfFpsJ5D1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3151) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\InstallUndo.js.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe

C:\Users\Admin\AppData\Local\Temp\eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
"C:\Users\Admin\AppData\Local\Temp\eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe"
1⤵
- Drops file in Program Files directory
PID:1724

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
62KB

MD5
4b7f27718ebdfdfd8f2573f6fdf8e27a

SHA1
ee236d6e93788d60bada0e561b0567328200450e

SHA256
eb1277a38132b5915bd72f366156e000e77041d430ccb37f53b35b9744d84879

SHA512
24005935a6286d727981c52e46ba4ac024f59ae44ba7793f8b08299979d8075b9b630e079a5a1a729de3dcc96c2ddbda50536d326c9e2b21975e917d0d0dca93

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
71KB

MD5
3bba1abea40b0eddc29f27d284f0f964

SHA1
4c43ed2a01d245c2603f0ede9e4705390dea71db

SHA256
2f1b10736093352b61d41c0fd240c3fc80b1fe337ba8960a8a08bf3119a410b7

SHA512
1d9657a2bd10fbb306ca91e43c7629431415be84d590b86a60e9b3206be4d0727c868265618ad083515875fc086dff4c94c95aeed6489f7231fd1849f9845bc7

Download Submit
memory/1724-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1724-306-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads