Analysis
-
max time kernel
116s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
27/07/2024, 04:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8e06517b38eca6c66be7e4742caf7d10N.exe
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral2
Sample
8e06517b38eca6c66be7e4742caf7d10N.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
120 seconds
General
-
Target
8e06517b38eca6c66be7e4742caf7d10N.exe
-
Size
38KB
-
MD5
8e06517b38eca6c66be7e4742caf7d10
-
SHA1
203f6095231e8fc14a5d47d3c25950758120e20f
-
SHA256
69a247951252f48a5de56e28d0efe0bfa8c99c15da91c3795d9247dab490a58a
-
SHA512
3d7f3d246f462576f75833dd0315ae2ceb8514d73408c47da917a8cc52cb60696c6634f2bff2bd0b29ec337a1a8612eb2e1728163d831209c2548fcbf5047560
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBN1qmq4Gqmq4MAAAJOQAAAJOwjyjuc:W7BlpppARFbhwEnAAJ+AAJbjyjuc
Score
9/10
Malware Config
Signatures
-
Renames multiple (228) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\7-Zip\Lang\ka.txt.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\7-Zip\Lang\va.txt.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\DirectDB.dll.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\ado\msado21.tlb.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\7-Zip\Lang\fi.txt.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\7-Zip\Lang\lt.txt.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\DVD Maker\offset.ax.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe File created C:\Program Files\7-Zip\Lang\mn.txt.tmp 8e06517b38eca6c66be7e4742caf7d10N.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8e06517b38eca6c66be7e4742caf7d10N.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
39KB
MD5a0e247d6755e6d222bd174959fba6cf0
SHA139d5935d7510356b9d8ba2c61246b53892b44dc0
SHA256e86789fe7d8ac229bb7bb3e12288d72f08c7ccc4d60a67dea36a8f114a6109d6
SHA512800253753faa5b1780748da0032708bb9f5124dec4527f804c6f67f942170a9f8978005daf116e07b7cdfb775f09750187b6373623ba8eb5431877224c29e138
-
Filesize
48KB
MD5667d63389d927587480c5a654d051cc6
SHA15c693b47ade664402dca0793a8ebec3d28672f7d
SHA25692f1c269cd9cc993f0672adac94034aecd48ef5a9f9f381eab646711756a6c79
SHA512a0e054e60b316a07cc536ba89c583ccff61c2c09be9f290ed56176756b0519da37ed23d5a624dd0fe93e5144b8c92b3e12e18b7b09d5699418eef33252b85908