464ee1fa0691f103a92e68a329a1443269f5a32326b3f856b5451db80bed85fd

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45215285330c6edc6bcdb61c6107c620N.exe
Size

88KB
MD5

45215285330c6edc6bcdb61c6107c620
SHA1

c1e491ae54a9c1844928685c4026d7e57ea148ea
SHA256

464ee1fa0691f103a92e68a329a1443269f5a32326b3f856b5451db80bed85fd
SHA512

faf0aa904432085d322ccbac5c62f31485a91368fe2e585c1e2a9401ae6ca2c19100cd8b9d56e7ec88992579b46035f3890aaae3934f99ddf60b9b98c870da49
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhA:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsh

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (332) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\GroupRevoke.cmd.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	45215285330c6edc6bcdb61c6107c620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	45215285330c6edc6bcdb61c6107c620N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45215285330c6edc6bcdb61c6107c620N.exe

C:\Users\Admin\AppData\Local\Temp\45215285330c6edc6bcdb61c6107c620N.exe
"C:\Users\Admin\AppData\Local\Temp\45215285330c6edc6bcdb61c6107c620N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
88KB

MD5
f8e03ddc8d5ddc6190d910b7355ab75a

SHA1
7bfe021fa72d8c656c08867415c80f8f3e494d12

SHA256
de5edde0cc13f6a136da4171919a0c5d18f7710b9530b131239228e3fdeed08c

SHA512
4cf5d85656e8512fb3dee3e5784b9e468facc61754a82e3f7a9c2a9a0a9c447066ab54dd6e706832a365931daac6dea3afa35a5150c142532eb0a4bfa67e0233

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
50af8a8b6ebb53489336705838f29f2c

SHA1
d220d57fcb9c833594a6f1b08326770d7cc8fe89

SHA256
d9ffc7854a045efe2fe0943e4c47123aa3d4602b9ad942f0e83a9e1b27c0cdae

SHA512
338373497c29f2189328bbcb48b12cebb341f9aaeab579aec7232155500bf795b30568fe3f19acedd817120e2b7de8dfe864223d510442b11d84e98b679fc45e

Download Submit