a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
Size

104KB
MD5

5d4ea5d003e21b89670085c42f217d6f
SHA1

71ab1b8290a8c6493d4c886d8c14ddc4bd0fbf43
SHA256

a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1
SHA512

cb0fc925b68cd58a7221638455ad3ff59d1f05e2b0af8eee9be15aef77f525359c75252266371586d42ba792ce84d3b54579831da1ad925616350fdf4c858333
SSDEEP

3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9ilV:RqlIyFESWu0SWu86jYlV

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\TestUnpublish.xltx.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe

C:\Users\Admin\AppData\Local\Temp\a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
"C:\Users\Admin\AppData\Local\Temp\a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
105KB

MD5
f83161b94a47d37ec5c348e40f9ed64e

SHA1
6024d3e0cbaf0ad54210ddea42ea6f2962ab402b

SHA256
418d7cf317f6d7e0530e10dc869fafb42bd092a6bc65990bec5fb6a0b272b634

SHA512
da725a6150d64a36655aff315747194d1dfd8b6b946ad641fbc9177a1d7f4b233f017b0b475898b314843c2e93d5babcbe7686114f97a55763eeb757b8bb1ffd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
114KB

MD5
ef67661dbfad523f2d5b0c3bdd3794ec

SHA1
e693dfcf12e81e6683c3faf0e3bccca82619082d

SHA256
51a1b892655a487aa909f8bb7da54de53fef4aa1f74aa928660730a85055541e

SHA512
f8dd5f47a4898865af210f5cfb92a9ef125a22befa721306ea37303195e6937d88fb4b187dacaa4412766794fab2d2f9f0a87d4ebf2b8d8f60c6a7af71e60a25

Download Submit