1f1c39128fefcec64b693a4620f4c86bd1f1a10607686a2c0ec9a672de414e6b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c516ddce9f8ed90181a51541dcca150N.exe
Size

70KB
MD5

3c516ddce9f8ed90181a51541dcca150
SHA1

e3a06f2695278897d09cd047033554c831a8eb5c
SHA256

1f1c39128fefcec64b693a4620f4c86bd1f1a10607686a2c0ec9a672de414e6b
SHA512

3d095b5b5b79c71a18a3599859e62141c596c83640316b7a00af857a98fe920fc7d2a0f996c714e5a879d2f26b8559ffdead435b6ce0cb4a7c27f7ae7f573194
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDlvcYNnVvcYNnnUBRoRt3v:W7ZNLpApCZuvIYYoYoN7n97nmRoR9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3092) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	3c516ddce9f8ed90181a51541dcca150N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	3c516ddce9f8ed90181a51541dcca150N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3c516ddce9f8ed90181a51541dcca150N.exe

C:\Users\Admin\AppData\Local\Temp\3c516ddce9f8ed90181a51541dcca150N.exe
"C:\Users\Admin\AppData\Local\Temp\3c516ddce9f8ed90181a51541dcca150N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
70KB

MD5
ce49bdbc8485f76fd0f3fbebf947e534

SHA1
8584a933871b998aae2486f0b9a6c0ac1a1feb44

SHA256
7b4333e6e5103c38b8a13e1738b6725fb19f250f2fedeecee5f0a019ac21b2b5

SHA512
97c3673e5d125e02e023f8790f3f0e242780e57aa74f5c43e23e599e756ce35c676bb05aa0e17eaf6fb7c0cdb0992f32113a5f9f9e83f56b54477911b78632d9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
c0171bc5f27271b8fe35a9447f78df84

SHA1
9bf056423027ea2d97f800b644fdf9d828ab64a9

SHA256
0623db3be066b8edd3facff33d9f7bdbb5fe0e907c6502a29b5a3159a4ba3e0d

SHA512
cf42309bd97b0f3a85463e4c8bfcaf62b08112cb8591750250ac97c35f121246540e6a6bed5885d549bdaa762f99484d139b9a8ef82916637832c08eca1c8cce

Download Submit