052c63c7ac7abfb8a46573ee399edb3d98f5ab92f9733377dbd45a79fb7c3c02

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41c035ddaf46297a63e7efe01df17570N.exe
Size

91KB
MD5

41c035ddaf46297a63e7efe01df17570
SHA1

edfff9ddfb9e1a955b0cf269a1cce4ae07c34d00
SHA256

052c63c7ac7abfb8a46573ee399edb3d98f5ab92f9733377dbd45a79fb7c3c02
SHA512

c0d52c228ddc4c92715bc3dcc9e4c7b3936e0c8d119579ca17d1437c404e37d4700bc3e15989dae027ba70aeb5d579bba15c1ec1a927272521b1f1d30cca41e5
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhg:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (315) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	41c035ddaf46297a63e7efe01df17570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	41c035ddaf46297a63e7efe01df17570N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41c035ddaf46297a63e7efe01df17570N.exe

C:\Users\Admin\AppData\Local\Temp\41c035ddaf46297a63e7efe01df17570N.exe
"C:\Users\Admin\AppData\Local\Temp\41c035ddaf46297a63e7efe01df17570N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
91KB

MD5
ea292b18f4f43784d1763965e15d6562

SHA1
3057cff1b3ecc0cb7ecab4a8ee6b003bac620daf

SHA256
327170637baa990e3d1ed82ef9b894d2c5ec09bf9ea55cc2f9370e3bd128d89f

SHA512
9cec73c9e0b084fa669ccc33883eb713f94b5b5117a7933f7811725f50c08da51b2c8a17ba3df646c5b80a05e9b58a9e66c22eaa72b764769ffd408daea4b6a7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
100KB

MD5
1f678448ab5edc138b0888d5d0ef65db

SHA1
f42a566cac6d411b5a87a5147cc17ad7fcf7af19

SHA256
0bd63eaf086222cce3c65eef2c974c4f4489327be0698385359e0d6f2390a980

SHA512
e350a0a4cf23c79540e48f1a07c0952dae0aa2d42872a5ee216752acddcce39275f2f965abdc95110f167ef3142f2a6cdeec9df3862b13fe44426fbd62cc244e

Download Submit