Malware Analysis Report

2025-01-22 20:17

Sample ID 241020-bmwvgssclm
Target 3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N
SHA256 3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10
Tags: discovery, ransomware
Score: 9/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview, Signatures
  Analysis: behavioral2
    Detonation Overview, Command Line, Signatures, Processes, Network, Files
  Analysis: behavioral1
    Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

score
9/10

SHA256

3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10

Threat Level: Likely malicious

The file 3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple files with added filename extension: 2117 files in the win10 run (behavioral2) and 1066 files in the win7 run (behavioral1). In every case listed on this page the appended extension is .tmp.

Drops file in Program Files directory (both behavioral runs)

System Location Discovery: System Language Discovery (both behavioral runs)

Unsigned PE (static analysis)

MITRE ATT&CK

Enterprise Matrix V15. The rendered matrix is not reproduced here. Of the signatures on this page, "System Location Discovery: System Language Discovery" is the name of ATT&CK sub-technique T1614.001; the mass renaming of files under Program Files with an appended extension is the behaviour that the ransomware tag and ATT&CK's Data Encrypted for Impact (T1486) describe, but note that the report shows renaming only, not that file contents were encrypted, so T1486 is the expected mapping rather than something this page proves.

Analysis: static1

Detonation Overview

Reported

2024-10-20 01:16

Signatures

Unsigned PE: the executable carries no embedded digital (Authenticode) signature. As a static signature it has no indicator, process or target columns (all N/A).
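A minimal way to reproduce the static "Unsigned PE" check, added here as an example and not the sandbox's own implementation: parse the PE headers by hand and inspect the certificate-table data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4), which is where an embedded Authenticode signature lives. The build_minimal_pe fixture is a constructed header skeleton used only for self-testing; it is not the analysed sample and is not loadable.

```python
import struct

# Index of the certificate table in the optional header's data directories.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes):
    """Return (file offset, size) of the certificate table, or None when the
    optional header has no such entry or its size is zero. Raises ValueError
    for anything that is not a PE file. Pure header parsing, no pefile."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                               # IMAGE_FILE_HEADER (20 bytes)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                   # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:                           # data directories at +96
        dirs_off, count_off = opt + 96, opt + 92
    elif magic == PE32PLUS_MAGIC:                     # 64-bit layout: at +112
        dirs_off, count_off = opt + 112, opt + 108
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, count_off)[0]
    if IMAGE_DIRECTORY_ENTRY_SECURITY >= n_dirs:
        return None
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_opt:                    # truncated optional header
        return None
    # Unlike other directories this entry holds a raw file offset, not an RVA.
    off, size = struct.unpack_from("<II", data, entry)
    return (off, size) if size else None


def is_unsigned_pe(data: bytes) -> bool:
    """True when no Authenticode blob is attached (the report's 'Unsigned PE')."""
    return security_directory(data) is None


def build_minimal_pe(cert_size: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed test fixture: MZ stub + PE header with only the fields the
    parser reads filled in, followed by cert_size bytes of dummy signature."""
    e_lfanew, n_dirs = 0x80, 16
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    base = 112 if pe32plus else 96
    opt = bytearray(base + 8 * n_dirs)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, base - 4, n_dirs)
    cert_off = e_lfanew + 4 + 20 + len(opt)          # blob sits right after the headers
    struct.pack_into("<II", opt, base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_off if cert_size else 0, cert_size)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       len(opt), 0x0002)             # IMAGE_FILE_EXECUTABLE_IMAGE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"\0" * cert_size


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        sec = security_directory(fh.read())
    print("Unsigned PE" if sec is None else f"certificate table at {sec[0]:#x}, {sec[1]} bytes")
```

A non-empty directory only says that a signature blob is attached; whether it verifies (file hash matches, chain trusted, not revoked) needs signtool verify, PowerShell's Get-AuthenticodeSignature, or osslsigncode verify. Windows' own binaries are mostly catalog-signed and show as unsigned by this test, and an unsigned file is weak evidence on its own: plenty of legitimate software ships unsigned and signed malware exists. Treat the signature as corroboration for the behavioural findings, not as the verdict.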

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 01:16

Reported

2024-10-20 01:18

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe"

Signatures

Renames multiple (2117) files with added filename extension
Tag: ransomware

Drops file in Program Files directory

Description: File created. Process: C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe. Target: N/A. These three columns are identical for all 64 entries, so only the Indicator (the path created) is listed below; 64 entries against 2117 renamed files means this is a sample of the activity, not the full set.

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp
C:\Program Files\7-Zip\Uninstall.exe.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp
C:\Program Files\7-Zip\Lang\sl.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ur.pak.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\mojo_core.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp
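The rename signature is the one most worth reproducing in your own telemetry. What follows is an added example (not the sandbox's code) of that detection logic in Python, run over constructed rename records of the form (process, old name, new name) as a sandbox or an EDR with file-rename events would supply them. Sysmon has no file-rename event, so with Sysmon alone you would key the same logic on FileCreate (event 11) of the new names. The records mirror paths from this report, plus two benign ones added as noise.

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Process image of the detonated sample, as named in the report.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe")

# Constructed rename records: (process, old name, new name). The sample's rows
# mirror the report's "File created" paths; the last two are benign noise.
RENAMES = [
    (SAMPLE, r"C:\Program Files\7-Zip\Lang\sl.txt",
             r"C:\Program Files\7-Zip\Lang\sl.txt.tmp"),
    (SAMPLE, r"C:\Program Files\7-Zip\Uninstall.exe",
             r"C:\Program Files\7-Zip\Uninstall.exe.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe",
             r"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit",
             r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp"),
    (SAMPLE, r"C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll",
             r"C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp"),
    (SAMPLE, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\mojo_core.dll",
             r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\mojo_core.dll.tmp"),
    (SAMPLE, r"C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini",
             r"C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp"),
    # benign: an editor keeping one backup, and a move that changes the name entirely
    (r"C:\Windows\notepad.exe", r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"),
    (r"C:\Windows\explorer.exe", r"C:\Users\Admin\Downloads\a.zip",
                                 r"C:\Users\Admin\Downloads\archive.zip"),
]


def added_extension(old: str, new: str):
    """Return '.ext' when new is exactly old plus one trailing extension
    (foo.dll -> foo.dll.tmp, Detroit -> Detroit.tmp), else None.
    Case-insensitive because NTFS names are."""
    if not new.lower().startswith(old.lower()):
        return None
    suffix = new[len(old):]
    if len(suffix) < 2 or suffix[0] != "." or any(c in suffix[1:] for c in ".\\/"):
        return None
    return suffix.lower()


def detect_mass_extension_rename(renames, threshold=5):
    """Group renames by (process, appended extension) and alert on groups at or
    above the threshold. This is the gist of the sandbox signature
    'Renames multiple (N) files with added filename extension'."""
    groups = defaultdict(list)
    for proc, old, new in renames:
        ext = added_extension(old, new)
        if ext is not None:
            groups[(proc, ext)].append(new)
    alerts = []
    for (proc, ext), files in groups.items():
        if len(files) < threshold:
            continue
        # Which installations were hit, keyed by drive + first two folders
        # (e.g. C:\Program Files\Java); handy for scoping the damage.
        roots = Counter(str(PureWindowsPath(*PureWindowsPath(f).parts[:3])) for f in files)
        alerts.append({"process": proc, "extension": ext,
                       "count": len(files), "roots": dict(roots)})
    return alerts


if __name__ == "__main__":
    for a in detect_mass_extension_rename(RENAMES):
        print(f"{a['count']} files renamed to *{a['extension']} by {a['process']}")
        for root, n in sorted(a["roots"].items(), key=lambda kv: -kv[1]):
            print(f"  {n:4d}  {root}")
```

Grouping by process and by the appended extension is what turns "many files created" into "one process mass-renaming with a uniform suffix". In production add a time window (both runs here finish inside 120 s) and an allow-list for installers, backup agents and editors, which legitimately produce a few .bak or .tmp siblings but not thousands across Program Files.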

System Location Discovery: System Language Discovery
Tag: discovery

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe (Target: N/A)

This key's Default and InstallLanguage values hold the system language ID (for example 0409 for en-US). Reading it is common in ransomware that refuses to run on particular locales, but the report only records that the key was opened, not what the sample did with the value, so no locale exclusion can be concluded from this page.

Processes

C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe

"C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe"

Network

Traffic recorded during the win10 detonation. The report logs it for the whole run and does not attribute it to a process.

Country  Destination         Domain                          Proto
US       8.8.8.8:53          8.8.8.8.in-addr.arpa            udp
US       8.8.8.8:53          28.118.140.52.in-addr.arpa      udp
US       8.8.8.8:53          133.32.126.40.in-addr.arpa      udp
US       8.8.8.8:53          172.210.232.199.in-addr.arpa    udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53          57.169.31.20.in-addr.arpa       udp
US       8.8.8.8:53          228.249.119.40.in-addr.arpa     udp
US       8.8.8.8:53          13.86.106.20.in-addr.arpa       udp
US       8.8.8.8:53          53.210.109.20.in-addr.arpa      udp
US       8.8.8.8:53          171.39.242.20.in-addr.arpa      udp
US       8.8.8.8:53          0.205.248.87.in-addr.arpa       udp
US       8.8.8.8:53          43.58.199.20.in-addr.arpa       udp
US       8.8.8.8:53          14.227.111.52.in-addr.arpa      udp
US       8.8.8.8:53          tse1.mm.bing.net                udp
US       150.171.27.10:443   tse1.mm.bing.net                tcp   (5 connections)

Reverse lookups of public addresses against 8.8.8.8 and HTTPS connections to tse1.mm.bing.net are the kind of background traffic a Windows 10 image generates on its own, and the win7 run recorded no network activity at all. Nothing here should be treated as a command-and-control or exfiltration indicator without per-process attribution (a DNS query or connection event tied to the sample's PID).

Files

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 616f547f1d3065bb31c98bc4bb209dcb
SHA1 c2ebcf6a719a045abd8bc0b0b5f7bacd104ccef3
SHA256 69945102664c866bb75bbdd698f886046c4babc671c6ef94eb4da0fc39d79d53
SHA512 530a61dc70707e20c41d6722f6fccda04ec474b3bea8237033e6a4be302df0a56c35c8f005fcace0debe70b8d14d8d18dab22a857a0b3501107c3195b3dd2178

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3d97c450f6575009dce34a040e7b39bf
SHA1 f886e817f0e6d74a5e5c6b473404f8a7d8d5b117
SHA256 8c728c3be5679218f7b23edda90bfe689f5cca40f6132f891651c0ad7889c813
SHA512 b1da577563c994d030c3376701de6abf400e27d00d5f0977e41e256058eb674ba49fa09bceb82271544331bab80fbb82a974592eb281730fe1c318f87ff0f404
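The Files section gives only the digests of the dropped .tmp outputs, which is enough to match them against your own copies but not to tell whether their contents are encrypted. The following added example (not from the report) computes the same four digests in the report's order and a Shannon-entropy score, over two constructed inputs: a desktop.ini-style text body and seeded pseudo-random bytes standing in for ciphertext. Run triage() on the .tmp files from your own detonation to check whether the rename actually encrypted anything.

```python
import hashlib
import math
import random
from collections import Counter


def digest_table(data: bytes) -> dict:
    """MD5, SHA1, SHA256 and SHA512 hex digests, in the order the report uses."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in the range 0.0 .. 8.0. Encrypted or compressed data
    sits close to 8; text and most native code sit well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Crude but useful first cut; see the note on compressed formats."""
    return shannon_entropy(data) >= threshold


def triage(label: str, data: bytes) -> dict:
    """One row per file: size, entropy verdict and the four digests."""
    return {"file": label, "size": len(data),
            "entropy": round(shannon_entropy(data), 2),
            "encrypted_like": looks_encrypted(data), **digest_table(data)}


# Constructed inputs. PLAIN imitates a Recycle Bin desktop.ini; the PRNG bytes
# are a stand-in for ciphertext, seeded so the numbers are reproducible.
PLAIN = (b"[.ShellClassInfo]\r\n"
         b"CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"
         b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n")
PSEUDO_CIPHERTEXT = random.Random(20241020).randbytes(65536)


if __name__ == "__main__":
    for label, blob in (("desktop.ini (constructed)", PLAIN),
                        ("desktop.ini.tmp (constructed)", PSEUDO_CIPHERTEXT)):
        row = triage(label, blob)
        print(f"{row['file']}: {row['size']} bytes, entropy {row['entropy']}, "
              f"encrypted-like={row['encrypted_like']}")
        for name in ("md5", "sha1", "sha256", "sha512"):
            print(f"  {name.upper():6} {row[name]}")
```

Entropy near 8 bits per byte is consistent with encryption but also with compression, so read it together with the file type: a .dll.tmp or .xml.tmp at 7.9 bits is telling, a .png.tmp or .pak.tmp at the same value is not. For a firm answer compare the .tmp against the original file from a clean image of the same build.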

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 01:16

Reported

2024-10-20 01:18

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe"

Signatures

Renames multiple (1066) files with added filename extension
Tag: ransomware

Drops file in Program Files directory

Description: File created. Process: C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe. Target: N/A. These three columns are identical for all 64 entries, so only the Indicator (the path created) is listed below; 64 entries against 1066 renamed files means this is a sample of the activity, not the full set.

C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp
C:\Program Files\Common Files\System\ado\msador15.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp
C:\Program Files\7-Zip\Lang\tr.txt.tmp
C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp
C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp
C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp
C:\Program Files\Internet Explorer\ielowutil.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp
C:\Program Files\7-Zip\Lang\si.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp

System Location Discovery: System Language Discovery
Tag: discovery

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe (Target: N/A)

The same key is opened in the win10 run. As there, only the open is recorded, not how the language value was used.

Processes

C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe

"C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe"

Network

N/A (no network activity recorded in the win7 run)

Files

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 abb1a0647964cb8decd9cc06dbbfa3da
SHA1 86ff91f8db320a51615245f44e7699711f44ae6e
SHA256 211c5ef963357c5dc4285b37e3c33f3ecd45611f12159a606a36555ece4f2aea
SHA512 f4903f14ea4ae9d6625b0d2bebe081264c26b1e22b636fe40aee7ec4a0846e938d4e41481c6f8ee056fa9c28778d49137ea293c5aaf1c53fff39b4fe78fd2861

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e473dc54e65882428b7a2575a96e111e
SHA1 050b6b73aa5aead50427d030030a311725a511ac
SHA256 28cbce0be3995dbeae67420d5aa71c4f823128e19b29f3dbbc7bd5ef4a1c3763
SHA512 85637c95c7224092b1038171301b7123ab003a709a75861c89133d63daa8974636b1e1ab67b6aa35984873d2b6d89ef7d34edf7f5d79f9210d83bccd77e45fd3