f4a131ffcacd9a21cba08006cc5032ce2b67fe48ce86834549f37f1a3779be7c

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 20:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

046f9c8f53662ae90c06772b1e769430N.exe
Size

57KB
MD5

046f9c8f53662ae90c06772b1e769430
SHA1

e2d30891954f6286b738d8391ca7573d56bc268e
SHA256

f4a131ffcacd9a21cba08006cc5032ce2b67fe48ce86834549f37f1a3779be7c
SHA512

bb6c5e8ce7aa7df2fa7c1ce6e6a8ac0bdff22db64770b403e6a90351f0cb4b9b4a29a55eed801765835f1e01bc53d45439b648380e6cd3ba491305cb04061ec9
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsFMG0Z9hREtG0Z9hRE0:W7BlpNLpARFbhblkYlkuvIYFdJSpXeX1

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (251) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\FindRegister.xls.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	046f9c8f53662ae90c06772b1e769430N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	046f9c8f53662ae90c06772b1e769430N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	046f9c8f53662ae90c06772b1e769430N.exe

C:\Users\Admin\AppData\Local\Temp\046f9c8f53662ae90c06772b1e769430N.exe
"C:\Users\Admin\AppData\Local\Temp\046f9c8f53662ae90c06772b1e769430N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
58KB

MD5
95a2dae04885f6ba3a2ed62ccbb8b233

SHA1
85e7ae7f27f9c6168264ea5ebc52649253bf5857

SHA256
bb6ec270d070b9c2de1fa551a08de67842eedf42573c896c9f152a2a52d5149f

SHA512
7b3cb989630be3cb5d93a7ff6b2a93bf3d60d2344b804f942a34f822ddb39123ecb012be6b70bc281b01a1acf216cf9fba4cf2a3d477caa386839498d306cb21

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
97f8c4c78ece00745b696610b3399927

SHA1
2a5fbdb81fc0a930d9d172917e89491c8ca6f50d

SHA256
a2d0edb5a3342f9d047fe273363da9338e4e2cb460aac40f9efd334cd32fd12c

SHA512
b94c7f2354aff1500d4476109bf1c31321fce9a499c44b5d24f1fd55d43c1cda836add04a67b70cc0ccfae0f20531d2030dce762e3a1cf19ba24071d9618c5a5

Download Submit