73fab2451ba1ce00ab48d90f70ff3fa63289aefe3cc66ef853f85fcf3f4eff17

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e728cfb6bce216b9dcf99364704b440N.exe
Size

86KB
MD5

3e728cfb6bce216b9dcf99364704b440
SHA1

f220201cdcc0d51c671c192193678385f76beda4
SHA256

73fab2451ba1ce00ab48d90f70ff3fa63289aefe3cc66ef853f85fcf3f4eff17
SHA512

6843913ef0f49600bb85d83606a8cd9621a7413af70b62ec007d5967fcaaade7e6d3b023938ced67e94f92a1b73252dfd9b2848ca697ef1d5443639dc2057cca
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReT:W7ZDpApYbWj2WTWJe+e/qXhgOHC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3165) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	3e728cfb6bce216b9dcf99364704b440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	3e728cfb6bce216b9dcf99364704b440N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3e728cfb6bce216b9dcf99364704b440N.exe

C:\Users\Admin\AppData\Local\Temp\3e728cfb6bce216b9dcf99364704b440N.exe
"C:\Users\Admin\AppData\Local\Temp\3e728cfb6bce216b9dcf99364704b440N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
87KB

MD5
af6bd7bf7b4550983d24121b5e3100d3

SHA1
08c951cf0f27de4e5bc7ccba8d6ab07e9d885cfa

SHA256
97be94a940d283b4cd59bfc1364407aa306b9eec7fde8e13a8a953a92e08119f

SHA512
0268ba91891c2d477835f39c42b61b976e00d9246a13fb4def6c1e7198930fb74d91124360f9bc07faee4a2a985b7b9814da5f550fb2640724552f77e8b3c5a5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
96KB

MD5
67fddfb729970d9d11329733f044934d

SHA1
8a602ccb38fad81989c14fc43d1deba53956b56a

SHA256
fc8f898d7a60b0b4760f1e3ed915500a35faa80875d4dcae7347c8145845a6a2

SHA512
9c3d7b7bf3670b8e717e8d30bf18b4977dae73df7e693aa818480b7837b9165c7d0ca97ac01586ad0b0c79558c5a5a5477162731fadb101cb3bc80a9a048616a

Download Submit