c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
Size

46KB
MD5

72da1deec448f089f200135bbd265cec
SHA1

33e8f6e1c8fda431f772d43959bd2348314d693f
SHA256

c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d
SHA512

a377c6913db7597a1ca61e120f20489783009fb760d189924f98bc6eb70fb7a0ca17f3e75f4bea56a99062b6158b85c985811e0d55bd9b0d26cc32ca539af220
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLcX4pNX4pB:W7ZppApBULcfpHLcfpyDgpupB

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe

C:\Users\Admin\AppData\Local\Temp\c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe
"C:\Users\Admin\AppData\Local\Temp\c3870f283a48fd534db6ed144d9691f2ba3f0f5d8c0bb16c9927b31b84d1d27d.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
46KB

MD5
1d031c613e275701e4add258a462d3b5

SHA1
91b762ea93d1b14659d61b82c7c773068a161b8c

SHA256
b9c1dfafa38f581a35a6e88b249ea71ed54ea64b931483fa56fe512bccd8d07f

SHA512
07c9ced157078de20644f48b380e322737bc2d19dc524a5c6974b165fdf6ca0c5536a88f13f872c509e03686cb2822b81a47773f23bfaafd39731f97494c1d5e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
25cd5c8be16e24c0a3c99607dfcca725

SHA1
08580b0490536c1a5d61c7fb353bb3563a6f5cec

SHA256
9150a97910e79e1e0d84de9d57d6de2d641138e1d3a8d26a3a8a786683a859c6

SHA512
8b2238cfd0bf1f4f7ab946deacd3aff3e0f824045128add8170e0dcac51de87069b34e3304550cd682d74ccd5c28fa8c3ea1f89461974e91d955b36044073bc5

Download Submit