5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
Size

55KB
MD5

ffa8b66f8c550173b920d5657d538f40
SHA1

922de8387eb272ac6232429b09ab85f1f44eb056
SHA256

5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5
SHA512

3010de950b44f6dda845b7a1d918d58d6f0cee4ec17514a77ce27229b1f5932f93c43564c04c1df18aac0b7e4f077e5a5d77848ec9c23261dd988be6031c9bd4
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFkTfq9Tfq7h6hWh2hQ:W7ZppApBULcfpHLcfpyDc2ih6hWh2hQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3370) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe

C:\Users\Admin\AppData\Local\Temp\5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
"C:\Users\Admin\AppData\Local\Temp\5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
55KB

MD5
fa9f4a86297048c98042d867b5ee18eb

SHA1
ec11ccc3b972dbf30d45c78d667453fb0dda67e5

SHA256
8d8310dd0ed5f04a46fa2b002246cb78d7a1dbc463a50aad716c1eb4abb0e623

SHA512
67886d9fce8fc28dabb39cb5cfb77c1a4e841ddc3d924d289435b97e6e59f630d176639c43d0ed9e2cc977f452dd48a76a8c2e735fec1c00ec5b008a061f7398

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
dbdd1172f6112534980317cc84170ef4

SHA1
7ccd2c74ad4636a697d014aaf14c0d8b97f73356

SHA256
4fe194c2d85635482028b861376a9afece5f9f2a14418e0599f62a3b2c625298

SHA512
cfb7dbf16cfd67aad376106e53cad65c1df9835e159bec246d2dbbe63d895a824f66f91fa76eaa35e6eb62477fc95f3f18ff749fe740b506931194c773616ff5

Download Submit