986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
Size

82KB
MD5

f9ee1e38b2f7b3656284709bd363c23c
SHA1

42b25b02972b7228b9d45f25cc5fd75678e18ddb
SHA256

986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34
SHA512

20105ce94eab649bc97561b84e4bbf4112995b7aacd53a8d7ff2c92e6969331af8fb2aa426125a5687893aeb11923be1bc5013b96730c49cead3b8519a9595a7
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhWfxRfxenTs:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (509) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe

C:\Users\Admin\AppData\Local\Temp\986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe
"C:\Users\Admin\AppData\Local\Temp\986bda01935e6142f2c387c76349925f78230f05c14bb75e6c77591f759c1b34.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
83KB

MD5
22be79e76a5f358e8d4f67698f2af743

SHA1
5bdf9a44d98d16cb7d2e3c2b5056b9f953ecc634

SHA256
999e8ee2f474d023facc22a3f67c611ce1028ae0caf1f8bbe0a09ee9316e016a

SHA512
87b85a3888c7d01999ec220abd70d582b7853361f51b0e4265e95a5edac0a3a2b87b00b6a76d0a6860531fc748ce068cd7947157a34f4e7aa2e568acd16453de

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
aca5e63e35515c2e45845f9490552434

SHA1
2bed260ecfb6086c6a9a3b48d1301a37ca60610d

SHA256
69da78e7f22f16f52993069c512fe1ed1b98da7bde1b1f92ad0853718598206a

SHA512
a30f2e3387b0fcbef8ae64bac23ef4e7edc63657c27f66358db09f5e626f4df33cd1379e8e9c2c66533b9fa7f0464b724761bb8f39516953a1c7405963daec72

Download Submit