83c65401b85611ac97c155d92dc9c2c48f70096675f5b50f283c57f26469fbed

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 04:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

57f3f5b0235adb12f5800d54d6623640N.exe
Size

42KB
MD5

57f3f5b0235adb12f5800d54d6623640
SHA1

f46c2c673c4b9039cd876bfc3befb30aca86a849
SHA256

83c65401b85611ac97c155d92dc9c2c48f70096675f5b50f283c57f26469fbed
SHA512

b8c87a619c580a3925114bc58ef892ebf9789ff2496ff6f180a2e613a3f00f1266d2e1662149a1c143b58d88f3f58d925b0114939b837d296228d716b7287325
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGwTCus7sczBo:W7BlpppARFbhbt7Y7wTCnBo

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (439) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	57f3f5b0235adb12f5800d54d6623640N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	57f3f5b0235adb12f5800d54d6623640N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	57f3f5b0235adb12f5800d54d6623640N.exe

C:\Users\Admin\AppData\Local\Temp\57f3f5b0235adb12f5800d54d6623640N.exe
"C:\Users\Admin\AppData\Local\Temp\57f3f5b0235adb12f5800d54d6623640N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
43KB

MD5
274164a34d8c7b4ff15dae1df44b915e

SHA1
d3929cdbb85260b50a2d185681953bba669a8e08

SHA256
d9856ca129cb33dc60ae9757f023404956f0391363535e96c49f0ec5050cd5d5

SHA512
c2896d1d089eb0d5b9fb9b4e04fc33c1b1b2efa09352c54f9c1ed016d10baa657d3f2c28df66e55955c7647055543f7b282eb19c31275bfa008f4008dbc689d5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
7808e17ef84e13978466281b1730f702

SHA1
d1500bb5993b26faf8010063d0db298846869dd6

SHA256
1b8a5f9e68c88c319e2de5c7a5a7e68094916ddfa5e5a3cf252f24c4bfb5af4b

SHA512
5d73a16e4ad1105ad86ef4c3a821a0987ba08ada706a6717770c3fc6b062cc8d5240374236e119dae8d8164259ca374336980fd2d7e7c35298054e359b33d0dd

Download Submit