5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5

Analysis

max time kernel
147s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
Size

55KB
MD5

ffa8b66f8c550173b920d5657d538f40
SHA1

922de8387eb272ac6232429b09ab85f1f44eb056
SHA256

5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5
SHA512

3010de950b44f6dda845b7a1d918d58d6f0cee4ec17514a77ce27229b1f5932f93c43564c04c1df18aac0b7e4f077e5a5d77848ec9c23261dd988be6031c9bd4
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFkTfq9Tfq7h6hWh2hQ:W7ZppApBULcfpHLcfpyDc2ih6hWh2hQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3781) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe

C:\Users\Admin\AppData\Local\Temp\5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe
"C:\Users\Admin\AppData\Local\Temp\5e3c1635333756efc3b1cad649753e175c986284f748ff5c7e72d6a854a9d2c5N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
55KB

MD5
0d4007403df68882bd903caac4532231

SHA1
b3eeaecd8e50812a1a48c095850605d8e669ff71

SHA256
d302ac7f367a07d92c3f31fc98929b04f80901563db3b18b958e60d227742f38

SHA512
11613e3cbc6f6e5257c347f6d629d33beee10612f178c747264b76865a1286d608365e421ee9934fedb87d9c098bf66627f5b0a4a9d0fd74d0c18a32d3f470f9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
28e4326d916b46ccaaa40903c929864d

SHA1
b6bfde509d2e0a648b500dd0cc7b6b14ed450827

SHA256
355b66c0c283f8ef22975f9181b30cc2060a043c0ab3987f76151c67da036097

SHA512
efd105c471fd00cb38565fb8180bcd0f851354b7e1382318d0ec99c24fddb7032db56b1f18607ae9360f4d875714464b7be2ed868c9dd17b02966510dce084a0

Download Submit