88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
Size

84KB
MD5

f60bc6a094f06a507b540a20d611d637
SHA1

3a59e926d898a890b0ac2d9e98add0bf005dcdf8
SHA256

88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38
SHA512

41b496fd4480cb0dfb3db4fe1ab201981de7f0d04045a404fbc067e88e4b9179c4234943edb7df888f282e90f24c198fb413851e5667c8e03434d83f387f7512
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxMl/:6DWpLf7fWl/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (327) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe

C:\Users\Admin\AppData\Local\Temp\88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe
"C:\Users\Admin\AppData\Local\Temp\88abb67143be40ed529cc509e33bbbed75947f4999f4807863fc70b67549ec38.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
84KB

MD5
ace0d498e5936b17b034bbd1de05e67a

SHA1
46f05715a9d6b8a814f84868e6f21658e7d9301b

SHA256
7b8a6a1af56674f2d642a6fbd28d09aedf36ff8a64ad8870c190e6f71fd70abf

SHA512
6c56477f9f670f198148333f0cab6d9c60dd2b449da7421080d137b75243b1d4acba8ddc964844adaa2efc0d08328a8c754666b7faf4f396009767e58f584a0e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
a33754885a23b9ffbc71ace06d2333d7

SHA1
f9be9e8f8bd82050faa87ca4a1a7bc50118a2192

SHA256
ce71d1fef230880b4082ac49103e4cb2e1c9b1b5d24cea8a5865afa37ca6b976

SHA512
784e59d0fc74b5ee03c8a5475cace9ca21f9a81525e397f21c273a1297e7c7ccc96dd5d0aa110b00b78b8356ca91f6fc8d9d0a60d195e556437f9dbab430f227

Download Submit