9ad57c5be5c7c718ad16c3f389ab2ad2394246733563862eaf3e281934530fc9

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08e9dd8c73ce5b2a1195197d2df5d240N.exe
Size

100KB
MD5

08e9dd8c73ce5b2a1195197d2df5d240
SHA1

ae59c90ba82de1ee027051fd39bcb9cd4fdf0586
SHA256

9ad57c5be5c7c718ad16c3f389ab2ad2394246733563862eaf3e281934530fc9
SHA512

f28f7acca296084fae6164cc839131394be7e835636c0ba183fc680fb5c41a00ebb39725b52ad8b4b2052f17e33a4ea3524c93ed3590ab66a11bbcecf593c9da
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8z3ML3+5:6DWpwE7oL2e+efZwZ08i8z3MLW

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\CompareResolve.mp4.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\ConnectLock.vsx.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	08e9dd8c73ce5b2a1195197d2df5d240N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08e9dd8c73ce5b2a1195197d2df5d240N.exe

C:\Users\Admin\AppData\Local\Temp\08e9dd8c73ce5b2a1195197d2df5d240N.exe
"C:\Users\Admin\AppData\Local\Temp\08e9dd8c73ce5b2a1195197d2df5d240N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
100KB

MD5
073f4e59080f02206a902e8248cd8fac

SHA1
af65673b3064f293ea467fefce12905a46366cfa

SHA256
e1cc1243255c05ec773759449a1d5f240b9becd7a9d21cc4a844d90620b97303

SHA512
36c5278326bb491fc1412ed72baf94b82956a7b192b88c826e75674bfba959bc6c555926140208b0b92d956c173c004caa6eedb3f318702226db19a85a7935a1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
fbf338d582469172d9c7075d366bf8bc

SHA1
f9ec944b3d073e8f42098531a788f4ca7af0861a

SHA256
9de55666beffaae3ba7beae316ba447f2fcf6784f7d928cde8e0ad5a134017ba

SHA512
6ee5a5a6139b90e03dd7076ef4940b5979a9a508c0d74db29bf77d8a462a60c900eadb829dcc19373f8d85c56b33f49cb3560995aba82db3fc0e7fdb8bfe4ced

Download Submit