27bd19ae463b5896ee7a5c3558d844953a9687be8e667d140a41913807132a56

Analysis

max time kernel
119s
max time network
21s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0306985707d4597438120e027e79920N.exe
Size

58KB
MD5

b0306985707d4597438120e027e79920
SHA1

50cf23ace35b87a677c017c8dc2732b0345640ff
SHA256

27bd19ae463b5896ee7a5c3558d844953a9687be8e667d140a41913807132a56
SHA512

562b5edfd8cf0707be589b9928ee8a33b562a8ada1c992bc2511a91bf4067e0ad6f9c48b6641a66f09630d22fd4ac6403ff7c8c794fbff2b87cd5efecfddbb80
SSDEEP

1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8tDe:Te76WQSogDe

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (518) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\ConfirmWatch.ram.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	b0306985707d4597438120e027e79920N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	b0306985707d4597438120e027e79920N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b0306985707d4597438120e027e79920N.exe

C:\Users\Admin\AppData\Local\Temp\b0306985707d4597438120e027e79920N.exe
"C:\Users\Admin\AppData\Local\Temp\b0306985707d4597438120e027e79920N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
58KB

MD5
5728006ab25fbfedd11433a6419a7f02

SHA1
3eaf0708261e9cd499b20a209e7ce1af67d397bc

SHA256
a917fc7e4d03839e6b62cdd6b1b2f4bf007b9332a1470b282b2aae090273c2c8

SHA512
7b9e14b1d004ea8870c9cfd80cf2ae1ae4c564524fb149ae6ea9c4a0ce79e3ab3ba716f55571c4d59d0ab564051b5d2b5604e03ec70adc341ceda573fc77cf58

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
7587f6e5685549db7f8ef00a9afe5aff

SHA1
35d8d7a6bf49bc4b10833b93226b3eb6f2447808

SHA256
e8d5968e5a184a65a47e23268796ce37168852728ba5f47840aceca437f4ffe5

SHA512
5caeb576c952a53722bf243209eafc016ec7334125ce49093210cbfc2888fd2168c54a0d1ddb4cb2dfec5d9bc10a3e23506259d104659f2884b5a859ee6220c4

Download Submit