3c4d794ddb5a643f68d56b339480048a9d3c4d517797f25a6a3fcf949f6d1609

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3d7cee7f8723c4861d4e86242569c80N.exe
Size

39KB
MD5

a3d7cee7f8723c4861d4e86242569c80
SHA1

acd49647fff37ed77c459b632dddc2ac1b9de523
SHA256

3c4d794ddb5a643f68d56b339480048a9d3c4d517797f25a6a3fcf949f6d1609
SHA512

883d24a4c0fdb916af66064012b9709f6876ec0a90782b995e114f8a7d66994ccd07f71164bd2cc3491d9c8d615ad46dd0db2254df763de222b0b28c10b24788
SSDEEP

768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0k8Do72OiUJfo72OiUJt:W7ZppApkGpJwoB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	a3d7cee7f8723c4861d4e86242569c80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a3d7cee7f8723c4861d4e86242569c80N.exe

C:\Users\Admin\AppData\Local\Temp\a3d7cee7f8723c4861d4e86242569c80N.exe
"C:\Users\Admin\AppData\Local\Temp\a3d7cee7f8723c4861d4e86242569c80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
39KB

MD5
316f983c0bc1782a0f12ef5eaa0e2d63

SHA1
b3578d00279b53fc02b72e3d86e70733b8071a18

SHA256
c22283c23dc9e657d5387e27df095d22a129245072ef08e1bf78fe27c4ad6d75

SHA512
bfa0db53fd1def29635d1032e77d7739eccf811e6cc5d6eac5f9e4c8cd6fab77a95057f3b93d5110bcacf2a6670bb9990983999462ba3d4bf36983045982372e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
4d9ccde0d9f0e82e595a42655d2adcba

SHA1
535331ac84335826fcde3167da1d47c57085cb87

SHA256
0ee274eb0d30d32ca41f3ad96b84707c840861feec36151bd8afc17697fa5b18

SHA512
d6e083c8750b519a60e5e80416a222388c7ef35aa7e2cfe47f662caea3b912648d2dbae8a1ea3fd75c3e1a4552470471cf4bbea65d90cce183c278a8d488f5eb

Download Submit