3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
Size

43KB
MD5

58e528f9ea5d816bf04a238035aec5f8
SHA1

8d155f8d4f59e794e1aef454f76b2f5c15e93503
SHA256

3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d
SHA512

a1464e5fbf9b2e07f0319a13b057a037d9d87ca4f0ee4fc020754638c978d37351ce0523a57dc304df122dc2cb957bba9ba5ead51280bd40faee440dcfc6b399
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F11liKliB:W7ZppApBULcfpHLcfpSo3fO

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3880) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSPTLS.DLL.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe

C:\Users\Admin\AppData\Local\Temp\3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe
"C:\Users\Admin\AppData\Local\Temp\3b584d99dc808129d140dbcbcf033529a0fc6e466c2dd1de2995e78c69fed69d.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
43KB

MD5
367c95333b105e61f6fa67a6674979fa

SHA1
db9805fd747e96b781c51cc3899117480db884ae

SHA256
e29bb2073387ccfc25f59d1a44f5c91dadc64ce644413da4b0dc1d885f441717

SHA512
8581c507098216002226af0e4565fc9e53db0193cd44e4b5a9b7a09e0828ed2f40370d07f2e967c266dac254a5605c65a024a5cd1a30af782001d85d90542167

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
a07dd06c4302f2eb2b1887bb21a40b36

SHA1
9ffd3032ed7e675e03615f5ac2bae3dc7a5c9d90

SHA256
a22935983172dd174b874215092a4d2e19c5cf8c6d2a93141007767f713aa242

SHA512
3f43bfbc19d51e81951afba7848c805f844cdd61b8aa3f273f934d3fc909d84c7a43c8c172bbc6d303fa3e3ffff435e9a31ef20bb1fa7bc5d49d6d24d1ac95b2

Download Submit