c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-09-2024 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
Size

76KB
MD5

dab47f315ea89dd67cdd7cb261287a53
SHA1

3b3e7bb10ba4b0a6ee81d01032c2841136c783a7
SHA256

c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab
SHA512

8f811545e2d649465cf38a74d78311e27bd3483103da846c43024558690f6229cd3e6c7ebcf07882c07d4539c83ce379ae2238b242d3bd3c3a3125c2959a0f01
SSDEEP

384:GBt7Br5xjL9A7AgA71FbhvnwR/s4NW2sl4c3KbsvrTgOzkJAopyVFlgLfQf+PZfH:W7BlphA7pARFbhM0KW2s9B4hofAP

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3508) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\localizedStrings.js.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe

C:\Users\Admin\AppData\Local\Temp\c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe
"C:\Users\Admin\AppData\Local\Temp\c3715eca0aab0646f53828774afc3d662914a5376dd0f5f27ae1fae2150f0bab.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
76KB

MD5
99d355d512be856a9bb77bc9eabe5f52

SHA1
5550209d2d3d9643eba24be969a6a95e70d4ca03

SHA256
edd661b195e9ded538c8b6d3a59799d728f7e170a3afd1c5e973c31a4b58e071

SHA512
1139814995c27b267dee2bae087c35efc8995c98268bebdf580dd2735470cbd83d859e290e1ea24ff12071b54587ced5b181b1826835f0809a59ad316d28b40c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
cef53c1a3c25b0e13f244ea3aea495d3

SHA1
1bb4ef5833afb183cfd2aa4d6bbfd88d85006bcf

SHA256
5091ef1c262a95ac3d4dc431b3c104944daee14f8f4cd3a6f3f009136efb3b3d

SHA512
a6246f9e50dd8af9a483a186b6bf1339afd839ded21bd8afceee7160029c138d4f5f8dc518664cbee58f2015e883422dc0ae41fad63354e618d423fd2101a6c8

Download Submit