Analysis
-
max time kernel
119s
-
max time network
95s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240802-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
-
submitted
11/09/2024, 23:58
Static task
static1
Behavioral task
behavioral1
Sample
3c5b9ef42decf918cda1943a547ea6c0N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3c5b9ef42decf918cda1943a547ea6c0N.exe
Resource
win10v2004-20240802-en
General
-
Target
3c5b9ef42decf918cda1943a547ea6c0N.exe
-
Size
81KB
-
MD5
3c5b9ef42decf918cda1943a547ea6c0
-
SHA1
3fd8e66b49e241ce3d788a48d53138beff6fb36e
-
SHA256
5156a32893fde186eaffd0e51b0bfaee4751787394a23c073ea20314c1e513c9
-
SHA512
626b46aee8385024836633c3f11db04468c15c3f961623e06b21d0bedec837a6a911fa29abb33aaaabae06032ad88f9c8f3227c6a2866e4cb4b56b7c9c28f1c6
-
SSDEEP
1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGLtJ:6e76mQSohsUsUKDtJ
Malware Config
Signatures
-
Renames multiple (4621) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 3c5b9ef42decf918cda1943a547ea6c0N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
82KB
MD5
3671623912fe562dce26c2d10bf909ae
SHA1
b204aa4445a3e68b96c807dc8030bac8f5e3dcbb
SHA256
b8c9a113e85f3a1bf33101517e5fe5c7a917778a1d8ad36efc81c97ba43534c3
SHA512
63a5f17b9da61a7544d73f9e89214853f73454d5b5424fdbcef294b752c224ed678d04ef4eabfaec55eba92e5db1683e372c329a6c264a6cdcc8d648e068a608
-
Filesize
180KB
MD5
8fa154507fbda84600972333707eeaaa
SHA1
f734b200f13aae66284db2491f3eabcc0f9aaee8
SHA256
2886b6250c471c912d6462484ba568abe57b9fbfb9c47763e299c6d5b4143058
SHA512
31c9e8a9a28b46b0ad9826e40c80c2dc3a3eb018c6659d13be187ea008dee9ba2aa139dc8df8b9c705fbe1dffd7ab162da994a43aa6a029a8462affe7fe68a23