3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
Size

51KB
MD5

ae690a3d8289c146bb4d4d539a800cd4
SHA1

85ec269b85921b5417a060322ed05acc9c94305f
SHA256

3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e
SHA512

2aa1deb7aa208d7c5b3deca357ce043a37b904355c95bf4b910fa35fb601a96fb1bfd1ba5512cef05053b2f70473808baa665c9ace081bb988e59d1539e0b735
SSDEEP

768:W7Blp+pARFbhBgnKLMWK9WKD2N2LSarSaXfgT+i1xrfgT+i1xZ:W7Z+pAp2nKLRKIKqoLSarSaXYXYl

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3783) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\xlsrvintl.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\settings.css.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe

C:\Users\Admin\AppData\Local\Temp\3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe
"C:\Users\Admin\AppData\Local\Temp\3f75c3d74a63afa196e6066628816c535e21465bee72c84f6536ba2c53e7054e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
52KB

MD5
82e570506739c2d8f3f19903f3d11cc3

SHA1
a1cb0f9d4e3fb1efe48bd708c0a212d0127d6e9a

SHA256
7f62d14de4ac61faed6da86ddaec87e8cc57693ee2935af0b96092fa9a700b40

SHA512
7bc3956e2cee8e7bc566bbab7ce9a4d50b3fd5bd123bc33486b1ab36e0834e5622b0529a42e9d2cbb27d983a9f189adc747f3b35832c18eef82995408ccc5df6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
3a78060324bc60cbbb1b61db883b1792

SHA1
ad26358195ac54f3ac5a1e2b66b71bd2452cf68f

SHA256
ea6f0eaabe2783bfb97bf5f821ab1a05973d5034ad6dc977e52a1c43d4cfa6e1

SHA512
7f4340050e40b548dc74a922e855c5294712b81d5a5d7306a7224de6ee02f34ad8790a9710d6e5863722968ea7753f9ac876c924350a3965d082d64f2710279d

Download Submit