96c594d5d4eea9a3539da7efa275a2511f94175ea37e769cc5838a553b118eb9

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ffe6da5a054ffc646a5d010d0ff9b50N.exe
Size

39KB
MD5

3ffe6da5a054ffc646a5d010d0ff9b50
SHA1

cdec7231c9e5a72fe067d4bc91adbef8fe6ec4b4
SHA256

96c594d5d4eea9a3539da7efa275a2511f94175ea37e769cc5838a553b118eb9
SHA512

7293707f80064c1078753d85b112b18c0f797e2b32809ef01e17251f4151b3b3db100236cece5651b7b6b4b373ab8962cdc5f3fa1369bcdbfe0f3b4af7c7ae81
SSDEEP

384:GBt7Br5xjL7lAgA71Fbhvt342JQuY2JQuv0U0cml:W7Blp9pARFbhjJQWJQOnLml

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3366) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	3ffe6da5a054ffc646a5d010d0ff9b50N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3ffe6da5a054ffc646a5d010d0ff9b50N.exe

C:\Users\Admin\AppData\Local\Temp\3ffe6da5a054ffc646a5d010d0ff9b50N.exe
"C:\Users\Admin\AppData\Local\Temp\3ffe6da5a054ffc646a5d010d0ff9b50N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
40KB

MD5
dd184a05e66ec0a69808da01b7d7a3d3

SHA1
703212d3505be60a5d83f483e5c640804c153d55

SHA256
1c390e78be2e5166dec9b31b0314c50e46d6c9e9bd87ef401b72acd340d1e763

SHA512
2d00fd2bebac4df20705ec47c9aa251f912b618188a92541c4b8dce7a041ba0649f660591bc58abf6cfcba0b5c705b17e78cac01978eb7fc8201fe1c2be772d3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
3e396359a1cf1bf777c43b4a36ba66f1

SHA1
bb72ba637fdc7d9d3594d681edc5c3f937996191

SHA256
23f739e093b4289bbc02b98e99cb47c4477d1e4d106a867a960f18b1bcbf8822

SHA512
bab93a378dbb0547fbe8258a6b7b3ca4b5107e0191abcac7d6cfe1190f389d650041e0c3b7726642765a1031b69ddb7dad27bdb27e91d6af372267ddbdf7d0c8

Download Submit