f05da185d3f481a1d52a9cfed2fe4159b9f34b0f2e0d790a60b7be261ad0cb12

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3a530839ef8703daa8077e70636e690N.exe
Size

42KB
MD5

a3a530839ef8703daa8077e70636e690
SHA1

556ac8a526c46002e5f227907cb30e8e1d865dfd
SHA256

f05da185d3f481a1d52a9cfed2fe4159b9f34b0f2e0d790a60b7be261ad0cb12
SHA512

860d7330eebb549c91cd523b4fa89a1ec473ef9010872140d2e4a99cd3d01c96656c1b9bc8340eca847f045f256de5f550f2e6190456068ea5373268bd776f1d
SSDEEP

768:/7BlpQpARFbhefnj0Tjfnj0TPuqKDKrvPf:/7ZQpApouSvH

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3418) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	a3a530839ef8703daa8077e70636e690N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	a3a530839ef8703daa8077e70636e690N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a3a530839ef8703daa8077e70636e690N.exe

C:\Users\Admin\AppData\Local\Temp\a3a530839ef8703daa8077e70636e690N.exe
"C:\Users\Admin\AppData\Local\Temp\a3a530839ef8703daa8077e70636e690N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
43KB

MD5
2ef683d01e5d656e22f147bfd6a3ea58

SHA1
f4c253180d6f0a0e9a6ee2827da29d38fb677352

SHA256
8d78ae1d40c2b74fe2b119527564d1e57b075a08c1991ca019bbb8d37b0b1059

SHA512
ed0317c295a5ab94b2395e0e40b818136b344674508f9655d54c52c67ad87bf9a9e0e72d88aa56f5258f4cc75e7503e5a07a2c33e91d7d92662f6f4591b7cc38

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
028034f3f9a144045296836f627af288

SHA1
a103706e4069ba0987d35efe7f17715533e91d37

SHA256
11b9dd078b0ff924a8da4ad3153d0be149b3d3584d76637578b22cd071d70ed5

SHA512
fc98bed1c13e4f1966716c54354f7c5901dce9c6c46600e749eede1481027458060ddc5a190e048c6bafcb10f77684cca420c414994e38de908956d4af52892b

Download Submit
memory/2372-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2372-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download