96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459

General

Target

96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
Size

83KB
MD5

52ee2c4b2be4a581c295e5369994cc6a
SHA1

b7217ddc6dd3b2ba6a8db527cdb477ed18a52513
SHA256

96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459
SHA512

6e172f17a1fe1399b64d132ca1d46eae07bbd92c1cf65b99b4efc23236683dbb8006277a567badb2594da94f149c249681456c4a14e14bf9d0f3bb0d2e6c903b
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhWfxRfx7wX:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfx0

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (488) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe

C:\Users\Admin\AppData\Local\Temp\96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe
"C:\Users\Admin\AppData\Local\Temp\96a70b5ca5c99767eafa5fbf2d56a4f85f827826c4ef2bdde4b3ce9037703459.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
84KB

MD5
9f5051f8e455f6c7970063fffe647024

SHA1
1f1af713a4ae84ce2080db5f13526fe08dfff89e

SHA256
e80cfa2974ae107adeb6302d979836de181a35bfbe9824c75af3d9ddfd431047

SHA512
5087adb716dcf487fd74b94eeb254a97ba0f2e786f030a2262ac491641a1d9d4ec132049f2fbe9731fe00d39042237517182b229f93175d1479610fd9a536ff1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
6356e5277b15826c2de4c0ddfab7de05

SHA1
43d59e654d5ba9f6fc17aa8c7f383740e145033b

SHA256
8a2162032a3b6d457db4dc77e2b149224b1592fb0e2c2e385bfbef2fd00bd5f6

SHA512
14528db80520054932c2946e07ff421d96e7b52d6486e08576edd246214fa8bc49cd05671b23bd638b9b81fd152754bba7fa9d1768f2a4a59703d9da71094b83

Download Submit

Analysis

Sharing