ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
Size

57KB
MD5

f56b3801f75adfbd0cdd720ee1dbb887
SHA1

fb09f5432e79b56390bba8b50bdf9c67b45b86d6
SHA256

ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7
SHA512

3019a75426be584abc3589dd99335911d6312d3da157ce8d0ad020ee0a2514a64fede8aa0c2e88841baccf9fd150f662a433591163fbb739e3a90c90121c0c58
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFkTfq9Tfq7h6hB1ix:W7ZppApBULcfpHLcfpyDc2ih6hB1ix

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3477) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe

C:\Users\Admin\AppData\Local\Temp\ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe
"C:\Users\Admin\AppData\Local\Temp\ac3a4c7dba7c772a9710f9fa332a3f4e6d7059119da438ec29371b57f6812fb7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
57KB

MD5
1f866939e704f9ec08eda98cd4530cd1

SHA1
8865f44ceed543275e0bd118c1b5e215a5619aab

SHA256
0367c1879e6b9760fbd7243bbde5e07f5e1f7adc591a289b13568ee9eb998080

SHA512
f86e73caa642ecf20a3d4b3ee2cb9bd0c50cfdb8e6a1634bd4577dfad69a7ccbcbe231afba1636dc502447790bb8f5928e8c26bfe533577568bc36c31b4c452d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
d4d3f3ae261be7ff4e30ee843bbde23e

SHA1
cd08116b0bd2277cbf8cedadf7461ea27db2410d

SHA256
f3ea00d1499efaaefc2dddeae78c041dcbbe618b0b5dfb675e61fbfa109bab4b

SHA512
b99c1c0380be5ef70cc8243f72a26fa921d25d54f0a8dba5f2b0ed79ac4f536bf851a84da6e1dceb1b63fcf6e9bc0ec43645a1db354e24de892e656db1fb2fd3

Download Submit