3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
Size

65KB
MD5

43d6e5384449ba811def2858191e7f10
SHA1

07ff5ad4b240e93c5959d0467b9357310b5da669
SHA256

3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3
SHA512

89b9525de55b04bfcd4276588fb55b0e97090fa58cc037042cce0d05cf11df0cdf247d7d08e3b53a7f21523080188e6500e1222a4612449f7765dac62dd5f342
SSDEEP

1536:W7ZrpApojswv0EhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFso5:6rWpcsHEhLfyBtPf50FWkFpPDze/qFsg

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2649) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\release.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe

C:\Users\Admin\AppData\Local\Temp\3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe
"C:\Users\Admin\AppData\Local\Temp\3d950359b17fd870b86652d80dae78beb24b16aa809410ed776d49473bef87a3N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
65KB

MD5
5a35eb4e4cc7c0d05dad2a528c1c0075

SHA1
3379ca1455fc440b9395d911ed976e64964d6492

SHA256
67bebefbb8b7ee35d9749df1e16784ca145d1e1d72429ae154965457f2e27637

SHA512
18c9dabbdf5dacc8ea96c661816288beb1f5ff0dd302b5596b28f42eaf59e4775c437b93dd422b2b7f7798685bc3a285775720be697bfad506a2c09cddfe2197

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
c6b7a92c8d5c871036accbe6eb545610

SHA1
788e0ba2fed81d896fef8398ca322eff4d37ab4e

SHA256
5f88e565f8a7f91f8152e78d34380dd4bfd51f00014f2916d46c58d9ae9831fc

SHA512
f5e6feb2792d28ad70da5b9e3e380b62be113b658e32b08428aaefc26abb38169045e68e3cd69f9b8b2f457499e80fc317a3c170c6d23a6bb606d6ea2ea66f28

Download Submit