441c48505a51e6f182e43455488ab8f20ac7f5ea569e865e87dc3d3aa787ee0e

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b78c8c5396cb6e70c9055462d0a0fb0N.exe
Size

54KB
MD5

3b78c8c5396cb6e70c9055462d0a0fb0
SHA1

05bab07791e411ac69eb549f9a2cf2c4a03e577d
SHA256

441c48505a51e6f182e43455488ab8f20ac7f5ea569e865e87dc3d3aa787ee0e
SHA512

0ea55ac9707fd9e4f3fc541f50b8762e57181c9bec293eb274084a0619556840ded4427d967414c89c0b014b9e23a345d14359e680a1a237d49d2c9753f4e2c4
SSDEEP

768:/7BlpQpARFbhq1KX101ja7c0QXzesa7c0QXze9:/7ZQpApq1U7XQ27XQa

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3205) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	3b78c8c5396cb6e70c9055462d0a0fb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3b78c8c5396cb6e70c9055462d0a0fb0N.exe

C:\Users\Admin\AppData\Local\Temp\3b78c8c5396cb6e70c9055462d0a0fb0N.exe
"C:\Users\Admin\AppData\Local\Temp\3b78c8c5396cb6e70c9055462d0a0fb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
54KB

MD5
58750553af62ac53ba475b4725da4832

SHA1
8f6656cf84a0f6239c9bfaebe072abd2b61e8616

SHA256
01c20edf532648d90afbe4896a5d71aa41f2d9bbd9f35fa1928d487175acb9b5

SHA512
f28e53426da6cb0f42fd2b18e88367b8be1c38bc518c97cc0814b869d1d2f5805e006c8f72c7440892eea2f3fb57e8dfff114368008604da5b6d8cfdbfc1f57b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
a619b62b540e953a9f4c86988f294b3c

SHA1
479c4f3bd4074b63c2fb17dfaf9edf08006462b6

SHA256
7ed2adc06b5b1869f99e47f8889cb52904569b3b4c4a1a839dfa7c09d4104e3e

SHA512
6c7a5025dad9f604895c3694f43752b663ee6b2de9481691926d16beb7b1a4e5a0f9094af934bcd338534499476bcb681b613416d0488d109618a108a6509dbd

Download Submit
memory/2136-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2136-652-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download