a39604a4591540a682f64bfabc33ad57e2c24dbb112a2cfa3914240b599f5edb

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3058c4c8afee97efb52385e761beca10N.exe
Size

73KB
MD5

3058c4c8afee97efb52385e761beca10
SHA1

bd9ab8e968c250b45c63f7faa6abb9530fba7bb7
SHA256

a39604a4591540a682f64bfabc33ad57e2c24dbb112a2cfa3914240b599f5edb
SHA512

ed928fd52f17da12b0f5368d52d17deaf1aefba330a05cd8202ff9f037cf51cfe099ab0fb78180d83b85b4ea7bee0aa6f4add64663c5bb0c7b3428a20acf81cb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WmDJ:6e7WpMaxeb0CYJ97lEYNR73e+eGGmDJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2948) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\FormatApprove.jpeg.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	3058c4c8afee97efb52385e761beca10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	3058c4c8afee97efb52385e761beca10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3058c4c8afee97efb52385e761beca10N.exe

C:\Users\Admin\AppData\Local\Temp\3058c4c8afee97efb52385e761beca10N.exe
"C:\Users\Admin\AppData\Local\Temp\3058c4c8afee97efb52385e761beca10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
74KB

MD5
8eb0af6ab43bb32b855ea112ef181943

SHA1
c23aee2df580ee58581a19f467fc19be85bca709

SHA256
8a30fe12838225d4a9d7c2abb75d41ec442251dd7bc928f6c6937414d7d06f70

SHA512
293040b41cc6c3061dc1276e6e3e386a009b54a8c944349377e8778b5fda837b4dcfd8a42c260334de8327166e03454f342bcf88a1c576e048f507f912679238

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
8e5f025f4a8074c232b0a8a38a9aeb24

SHA1
95cc8c944997114d92cd27bb7e019050a8db3af6

SHA256
e6aabda65671dd3efd9c0a7f763a1488ed878cc14720267fa6616fae02ce7cc3

SHA512
ba9dbcbde8d2b88e410bda2b34816d5ba2f0d89edc6058b3e193c6f231fc5df116b6b960aa8cb789a5e0ce18bc1335afc92715f7b0116b3d8fd3f6329d5f19d0

Download Submit