eec0e04b8c11c698adea1b0b066101a8e419a2c813afef5929ca477185956af1

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 21:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cb1d7d0787db1e81cca16cf42c99780N.exe
Size

46KB
MD5

3cb1d7d0787db1e81cca16cf42c99780
SHA1

2788aa8329f8fb9a7ab2836a50be1ffdca768d43
SHA256

eec0e04b8c11c698adea1b0b066101a8e419a2c813afef5929ca477185956af1
SHA512

d6b69fbe2e01d0f5f7f79b579c6b456b32077e1ff3de867fef1a59dd59e7d91857217a00ce15773044bf6ff511c2e33613d9e05367671be965ac043a5ba36886
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGwTCus7sczBywY:W7BlpppARFbhbt7Y7wTCnBI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3266) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	3cb1d7d0787db1e81cca16cf42c99780N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3cb1d7d0787db1e81cca16cf42c99780N.exe

C:\Users\Admin\AppData\Local\Temp\3cb1d7d0787db1e81cca16cf42c99780N.exe
"C:\Users\Admin\AppData\Local\Temp\3cb1d7d0787db1e81cca16cf42c99780N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
46KB

MD5
8fd7f889e5dcb05d76a13121bd3b8b0f

SHA1
28af072b9ce33dd2e917825485d1bb8eb669b580

SHA256
7b70e1f3e4e82bedeeb477ae47f588283214267c3879a35a3ce658ab0c962bd1

SHA512
685c4d433e38c52ba311251692f1546dc7664f145701cfaca5649f649ad4f3cb70911f9a528b069518e88f1a636e86ec7f2b670e0a44496667969bd7c8f29742

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
6e1744d81e4a76386e8489d677c4ce13

SHA1
193dfacc8e11568f4c95b6a20da479508cbaf7a7

SHA256
41eb42f22d33abde69b5d8c3adbe622526b2bed8575dc33fd981251e7f644b70

SHA512
71a32ba50d9e673f0f31de531f981576eb09e93721195a6ca43eabe8019087c33805528c2c6c12b72c40f0941ea60c1c56c8bb4a408f528805a66571f4709ce8

Download Submit