6f7241dc528a8897133bfcfc91e85b18fc6ce295fc897a6161a83a02ea9832d3

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88067ba0c9ac2f33491280b383d21270N.exe
Size

57KB
MD5

88067ba0c9ac2f33491280b383d21270
SHA1

bc69bfa77cce5ece9ddac0306cbb8f64debd7be1
SHA256

6f7241dc528a8897133bfcfc91e85b18fc6ce295fc897a6161a83a02ea9832d3
SHA512

5059ba3a1ddc04360b45ffcbc69d4d4dfc173f176f8f610a67591c4bd8e66b414c03f341699bbad385084ed2f23b228fa721dde50f45e8bc301cb6d03f1d3847
SSDEEP

768:W7BlpppARFbhwEnAAJ+AAJ9vcYNnVvcYNnfy7/Y:W7ZppApwEk7n97nJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	88067ba0c9ac2f33491280b383d21270N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	88067ba0c9ac2f33491280b383d21270N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88067ba0c9ac2f33491280b383d21270N.exe

C:\Users\Admin\AppData\Local\Temp\88067ba0c9ac2f33491280b383d21270N.exe
"C:\Users\Admin\AppData\Local\Temp\88067ba0c9ac2f33491280b383d21270N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
57KB

MD5
4699ac9b3ee6a0b439abe487ba9c2ad0

SHA1
a8f552be277a2cdd61ef23255ce4172b1352b898

SHA256
635183c6175a79e24c215eab2a3dcfbafde5aef5b8278839bba1e2f6ebe978c6

SHA512
c08e4e868a592ba699da06a08b5957952dcd59b764eb48a24a1f2132bc3e0949c76d823d49ba51ce44dc7ad518e1ae6c39f60ad39c593406c321c529c1ad8f12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
771b3f1ee485bb68f89f138c2ffea194

SHA1
2e4ddbbd2649684b04c096fb66a9f9c63de99bcf

SHA256
86f904c85fc3abba90e00bddfcc8eb8d995799f08b0d95e9891cad0aacb6006c

SHA512
8d50dc58ef63696246f21db829588a44dcdd8151253948d65d46ad99d3109c1fa8b37f2e10f7f47f69eeb435a30a32dba3a7b712a4dd3d825e4eb7070fb631a0

Download Submit