3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 20:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
Size

473KB
MD5

a5f1a88de7c475e0b11e1deef7588666
SHA1

63c4417ed9b0c2f66aa8f820a25c4a8f0d977a47
SHA256

3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac
SHA512

d8271f4067f33f3c6d8c119a882722307895b767c62c74d9febc3bb84f04163b2e0564e71b668b192e76c880aec826706e17b63c356b218132ccd3209e05d3e5
SSDEEP

6144:RqKPlJT2WFzu5Db7k6FLrLk/B+xhY3ClhiEiQhT+JgUEkBEk8ox3kEFytR:vrT2Wxudk6FLHk/B+xKClhiEn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2108) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe

C:\Users\Admin\AppData\Local\Temp\3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe
"C:\Users\Admin\AppData\Local\Temp\3687178a9848ea3721f8689ecc229201d9a821d18e795c9f53f3dd3a84adb5ac.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
473KB

MD5
134ce475a144e8f51ccaaec72950608e

SHA1
2438686b8130028ba5a7830ea5641c48b5c2a8ee

SHA256
73a71c47ba2a359c3ceeec636fbf973865f15682ae3c826b1547639d8fc3e230

SHA512
92a5e78f2c8e2aec7025a1ed68aa7ab28f97bd8628d1316e64c2e4ea09c8ecef6337f7d13fd1854ca4e2c9f4c51a44d5cab0fc8fa97aba49793e5b993e16aa22

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
482KB

MD5
7572e0c3862121fea8432725a6d57536

SHA1
7777745a214fff790620cbece9042f2993b3746b

SHA256
c838a8d207c139956ffb144673b0bdc27c190651cbc4eb730d980bc6230b5a69

SHA512
076f31bab16becb88218cb918a8681afea97c0ebd068914ec7f7d443ba4eb01b98f1afe4fc22bed007a9c9b0c09b08e57e63ce3eba49a8a09a4b18eb5b12ef4a

Download Submit