47ff0752fb95342d53f86e23b8c2f296f2ff12e07e96749cb78da7461b96648d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c30794038d94a46655fa481d9037200N.exe
Size

76KB
MD5

3c30794038d94a46655fa481d9037200
SHA1

677584456f15ac05caf62e2a97d852fe229095b1
SHA256

47ff0752fb95342d53f86e23b8c2f296f2ff12e07e96749cb78da7461b96648d
SHA512

92078d753e94de35cf2e59a955923fa5eb58d3bbfa96aecd5b789ff0809dde5fc1da428e18f53342db00471a1fca2ba684e3d1ce71f54fa15f8a898913528d70
SSDEEP

1536:W7ZhA7pApvOsOKM4HBhaGwOQ54xEIjlEr:6e7WpRaSljer

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3489) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwdui.dll.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglinterop_dxva2_plugin.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	3c30794038d94a46655fa481d9037200N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	3c30794038d94a46655fa481d9037200N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3c30794038d94a46655fa481d9037200N.exe

C:\Users\Admin\AppData\Local\Temp\3c30794038d94a46655fa481d9037200N.exe
"C:\Users\Admin\AppData\Local\Temp\3c30794038d94a46655fa481d9037200N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
76KB

MD5
090033508a52fa9ab36655273c88fae9

SHA1
ebbd6385aed3763bdd58cfbe92b4ea84b4f9ffbc

SHA256
753d46aafbbfd91e41e709984118b4c7b22099dc4d4d63e7c98a037d928eeede

SHA512
2c17ed1dd620315702ea11d8f570f60fab5e08c57805ad9d26fd45924259756e3b47e83acebb6cb5e09747940bafd5f04ca2227ad6fa88737d932e3d4c7f4885

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
aa11e582c7498eba87cdc1bbc45fa469

SHA1
d280dfddc513cfd4d69ad7ed2ed839e0f2935ca3

SHA256
9cfc9d112e3ae84e286354cbead99ea61087b4b54eaf825dd9ec2990870404c1

SHA512
0362cb07e2e369d9a862ca58af86654efebcaf3a6770ad83fbbc3dd02a03bc0c3b4aedd26365f8fef8577b6611633a53622910bee4d97037129f3184bdc4c19b

Download Submit