99ef342a44936bfbc9473e18fea3337b50557816abcdb65de41fe481047c0c0c

Analysis

max time kernel
121s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54abf07ae9936161f65ae05234382be0N.exe
Size

38KB
MD5

54abf07ae9936161f65ae05234382be0
SHA1

8f73ed77be42ebaa409cf00dd8fb6855f0831a16
SHA256

99ef342a44936bfbc9473e18fea3337b50557816abcdb65de41fe481047c0c0c
SHA512

20c231371cd485e42947b71c4dd034974960f57f18f2f3ca50c46aa4bace4368bc144db07abbc8f0b693a0f2bd3610b08651d5b500984dc352d8d3e547a1c883
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFcdyGdyo:W7ZppApBULcfpHLcfpyDcdyGdyo

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (342) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\EnterBlock.xlsb.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	54abf07ae9936161f65ae05234382be0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	54abf07ae9936161f65ae05234382be0N.exe

C:\Users\Admin\AppData\Local\Temp\54abf07ae9936161f65ae05234382be0N.exe
"C:\Users\Admin\AppData\Local\Temp\54abf07ae9936161f65ae05234382be0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
39KB

MD5
ebb761498264854790ff27f8d9312e9c

SHA1
38e10c119b74517304e7495d6723881d83f72e8b

SHA256
06369c133d38871023ea6fe46ade67b39fcfd4245d04db737ce58c258815c8dd

SHA512
e59613721841a2d885353b595a22973178aabc4defb6b52f7575f6e6e9803b53f5b63f314aa90b30952a28728cc662c4b7713dc03013091def9412cc71876441

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
ef813e3640cec0ccdefa104c098affce

SHA1
aaca592b0cf0ec90b557e0a320849c713b0ab264

SHA256
b0f2f7d20df6c55ff92003adca0f6327aaea853d4fa893ae23ea2704d32fbba9

SHA512
b5cac5e6d2511cbe37460a5f8197a887fa4d91b770fa52e971ad04b6acb007e779db69a0249de05cbf3dd1d3b8ba73e6903092eb97047c130e6887bccd05f19c

Download Submit