59c7311c4bb76ee16fb95c81da26adb478704932d750e569fc7d9dd6208c9c8d

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

030caddfa32b5df6ca6482419dd0da30N.exe
Size

87KB
MD5

030caddfa32b5df6ca6482419dd0da30
SHA1

b9caaa1bb69df7f3e25769a888a7cc0be468ab47
SHA256

59c7311c4bb76ee16fb95c81da26adb478704932d750e569fc7d9dd6208c9c8d
SHA512

2017f7aa27dba09c65f335c53fa1aac40b8f1855ce07acf647d204d2137800bcddb552fbeffd021411343631478116b7236ad377d0883b9085fe31806bb00ee4
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhyEXBwzEXBw8/L:W7ZDpApYbWjIoPyPoLzV7c6ShF

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\ConfirmConvertFrom.m3u.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	030caddfa32b5df6ca6482419dd0da30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	030caddfa32b5df6ca6482419dd0da30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	030caddfa32b5df6ca6482419dd0da30N.exe

C:\Users\Admin\AppData\Local\Temp\030caddfa32b5df6ca6482419dd0da30N.exe
"C:\Users\Admin\AppData\Local\Temp\030caddfa32b5df6ca6482419dd0da30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
87KB

MD5
f6489768bd540d7775fbbb025f8d78df

SHA1
c5bf275c258b4a895386d67c19210f5ae585e712

SHA256
939ecbdd0cf822164f14b7d736822189b3f6757d986835425e45db263059768a

SHA512
f23c5104ade9583a5d705423c975550e5c5172b492b9476a125b9c6f068820cd707869e981527004e0e853d120cd8de0a6bdcedebf72407949c3954a7ed5b15f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
96KB

MD5
29dcbcb6d526511f49bf977fd25f8661

SHA1
656a0c209d3a989d5c6cddb1562092f3d3f8a50a

SHA256
c5a64efdcbd4423251eefae9f14f2748840535d500fb0f1b24261a5a79da6cad

SHA512
a49ec01a3ccbbd581c2e72bfd22e8bc04a3751b8f15807d4b0af293a31a0ed834b416c142af2faa26d85b2386fa29983283e50210a67012f82c01b838bbf5672

Download Submit