3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
Size

38KB
MD5

554a36726d5f8f537d4e5b626f9c192e
SHA1

fe2e6aeacbb454492524f628686d6794675f620d
SHA256

3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca
SHA512

ca40b0aa7a23b25e4f8be743d03cb74e88ad2c7426d4095545e1b5bd3e4f58c25aafa8ac447f44e0792e40d25effcc245e980bf0192fba7b8c8de37361bd16b0
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v7b22vZ11F1pN:GBt7Br5xjL9AgA71Fbhv7bhvZ11F1z

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3787) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Media Player\setup_wm.exe.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\SplitInitialize.wmv.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipBand.dll.mui.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe

C:\Users\Admin\AppData\Local\Temp\3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe
"C:\Users\Admin\AppData\Local\Temp\3d4568288c8263931ad8b5ccf54f4882569208e1229e8afb66c5b2b2ff93f0ca.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
38KB

MD5
fa0654ea921911d9d8188852928c2fc7

SHA1
ea42329a101ea6af8a30a59a31a40a000c30950b

SHA256
d8ce7f50d46e4ae4d6083c9795ed7db3a60d5e297df2a8787786282434e31ce4

SHA512
bed774d628e216e50f7939f305a9cfb9654753e6d335976aa9e1959ce48481dd3922e961d496c2ee298bf481f5681336508095e98a909b65d76b5018d65e88e9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
312cb2c72a18606b138e7b8deb950012

SHA1
d50858960ce76ad38c1790852c6ba9212947cb82

SHA256
fdd3db5e42109f0103bd3ff35fb61ea8f08139a44dea75042a4b95d6398e06b4

SHA512
da886dbf13f17a062d6c8311d6b31b8528c31b3ffdffef8957402f5605272329596bbb9c61e7a1772b935b52b56858b2830e95bc9b5cffd65734461dff51db0e

Download Submit