3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
Size

37KB
MD5

6bd5be2d2cd72ab13a0b0faee8e28290
SHA1

512e332ef21065bf41d11ea9d7a6e340c95ff59a
SHA256

3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9
SHA512

0319fe096475f88edb3f64d21fcf6595d55c651f29ef33da9ec4b703aa2042fb8d1022748ecaa9714d155192ce948627c51e7ddcb18a2d698b54af23d4eb1b17
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltE1k:W7ZhA7pApM21LOA1LOl6A5

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3418) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe

C:\Users\Admin\AppData\Local\Temp\3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe
"C:\Users\Admin\AppData\Local\Temp\3b63ab95448e35e1fc82ac4b8eb23233771003f3a705eea96f4955328d4eb8a9N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
37KB

MD5
80ccbe6831cfbf22a0f099b5ec7ba6d8

SHA1
9b9d41f4c4d250469969010c6109c3e325902fea

SHA256
c695c43c933e09a94cd1855388cc12bbd864dc1cfd7d2b2d427aaab1d99a740b

SHA512
791711270fda6089b703042d984ffb26273edfe074e71532a7dd9c44a8c13db7c748e74a2820d03b1bbbb06eb8e4269ee662479e6e29668b3f08b9a7ff7e397a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
99ec6b974c023c3795a1627126bb9860

SHA1
4845aad710ad89a8bb402112f1c13bbfd3005967

SHA256
eb6f4d5057cb644d73969c4b2fa565e04cde912f4ab7f417980a8445e515dd57

SHA512
f2c13a6b71c28ffe3f865559bc6b2c681c73f5d788a4a528e6f13f5ddaa9ad1d733a20b9eae01ef3a62c4f268e310259bb60f1739471b8aacf21587fa1f8d3d9

Download Submit