0e482d99ff551dbfe591eb88e94e4656702d121a4dcdc2a5de7de76b30e551cf

Analysis

max time kernel
120s
max time network
22s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3857195225483ecde583a58a46435a20N.exe
Size

38KB
MD5

3857195225483ecde583a58a46435a20
SHA1

44121a76996be7ff30fb29022624417fbf16a6b6
SHA256

0e482d99ff551dbfe591eb88e94e4656702d121a4dcdc2a5de7de76b30e551cf
SHA512

b5ccaae3a5d9c2b0e2e7fb5cd422997749a1db916f1d2881af7bc393a891835f67ce451676c2e4823dca59582d5da9e273763c379318e5f2f4d05a5e608e052f
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLg:W7ZppApBULcfpHLcfpyDb

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3315) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	3857195225483ecde583a58a46435a20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	3857195225483ecde583a58a46435a20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3857195225483ecde583a58a46435a20N.exe

C:\Users\Admin\AppData\Local\Temp\3857195225483ecde583a58a46435a20N.exe
"C:\Users\Admin\AppData\Local\Temp\3857195225483ecde583a58a46435a20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
39KB

MD5
f884a3125d824b044acf7bd5179e98cb

SHA1
1d813290a61b502ffb71b5125e6954f82b48174e

SHA256
c1948ea654612fe238878e4f69bbb987340690902316c8446cd8369a6ffee5ba

SHA512
ff37ef1d4b1f2cc2dbd4b8b6b1f2b81ef9161631c5aa7eb9a5f9b6b57971dc41bb3feccdfb86bd3764e84ced5fea8f79d86777640a60934932ef253ee7895482

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
c47e2d5b95a6c46ab801d998c99def94

SHA1
7227aead30b13569c84fddf0960dfbac7d5b8be8

SHA256
6dbd63575b0d279b24e403f25ad50c039976a23a321a3d987318324c4f33dfa5

SHA512
3e63c5e0236f09396250fab3c1f5d1e8c2480d7158e10d8ed1b72c92f4143e9d4aec55e6cf66a1caeaa81354d6dd69caaed90df08a5b9c81fbef6e109d0dbff1

Download Submit