c71e1ee98e816de91cf54190874f20056319951cad99ce8982fb5e1aa93b02b6

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3d0f99dbebc068933bbbad5008bc8a0N.exe
Size

37KB
MD5

c3d0f99dbebc068933bbbad5008bc8a0
SHA1

6a954b788075bd8583c1af94064908f42adb03f5
SHA256

c71e1ee98e816de91cf54190874f20056319951cad99ce8982fb5e1aa93b02b6
SHA512

405cc05cead50c8b2d7062bedc1439edfa352f18fb005d1a4027269300248a7cec6b2015afcd855e3ee3c055b21492f9deed1cd02bb2b685588a2cb2eb28baeb
SSDEEP

192:tACUADIY0Br5xjL/nznlAgAQmP1oynLb22vtI0zWXPXUXHz9g5JHz9g5y:GBt7Br5xjL7lAgA71Fbhvt3bu5c5y

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\RepairConvert.ADT.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	c3d0f99dbebc068933bbbad5008bc8a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c3d0f99dbebc068933bbbad5008bc8a0N.exe

C:\Users\Admin\AppData\Local\Temp\c3d0f99dbebc068933bbbad5008bc8a0N.exe
"C:\Users\Admin\AppData\Local\Temp\c3d0f99dbebc068933bbbad5008bc8a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
37KB

MD5
bf7aab8b7ceb3c816f46aa4592bc33c5

SHA1
3cb7faf2b38c5989aeac050e1aeb0065a3f4fe51

SHA256
a0b759b7b23565c11f302731c62699be0d33498cd25b50d5c084be44b929ab5d

SHA512
a270b7bc17dc9668861967dbc7b095319e684231112e73e6d2df416ae6640a4ef254bdc5cf0274b0fb595a03238609361186e8184b9db6292f9253ded739e679

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
0a8eb3ea75970a630fb3d9c4d5d3dd34

SHA1
c566dd96d50a59581689fc81950ce2f644ce81f8

SHA256
d941b363d2e6d9e62fc01d6d52e339078047651c86d28c27ca98f475d630b8d5

SHA512
1632332c913c7128c6b54dd9d12e61dd0e8e2c8bfcf19e0af655e4c2e175cc0b0ec8f44601b767efdf99dee3ca5829471c23bc77db6fa62e3720bbd1d732bcb3

Download Submit