ef46bee38693f1ad4bc498416eeae8aadc1bc96c7a6341e06b74f853da01fd37

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81675f5f556968bf8ba1c0a9d708bb80N.exe
Size

50KB
MD5

81675f5f556968bf8ba1c0a9d708bb80
SHA1

417d7464acad0ef5b418adf9840837cb6d8383ff
SHA256

ef46bee38693f1ad4bc498416eeae8aadc1bc96c7a6341e06b74f853da01fd37
SHA512

5f66aeb0cdf103bb7a4bde5dc78125b3e016dc0b6778965c00b4c2d927268d1544d3b5de8b5c785fb63e9f29b226455f3b9cec94087145119b80f549489b433b
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpT4wWqhYlrohYlr6:W7ZppApBULcfpHLcfp5WUYlGYl2

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (500) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\CompressUnregister.pot.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	81675f5f556968bf8ba1c0a9d708bb80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	81675f5f556968bf8ba1c0a9d708bb80N.exe

C:\Users\Admin\AppData\Local\Temp\81675f5f556968bf8ba1c0a9d708bb80N.exe
"C:\Users\Admin\AppData\Local\Temp\81675f5f556968bf8ba1c0a9d708bb80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
50KB

MD5
075ebfc345f66f44ebf17036aed22d52

SHA1
c1a6e8927e569b807d8b81f0e3066d05d3c84160

SHA256
0528e0076970b25b855f6a6a14318968effd99637c7fa95e03d6886961662309

SHA512
2f12176d8e5a3803563d1cabcd8297b797223d998be7ac65098b142b842d13427a05f4feca9390bda0fd0516345e50f5909fb335787fbbf2dd832a1616722c55

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
76fa93566adb2afb78323fcad7ad8169

SHA1
089ecabac4e3c398f14a68460ae104ad611af55e

SHA256
21eb9758ec695d71952bbac136314a078da4fb83f8f7b156c1b2aaf380e37f80

SHA512
5a33a633a9b7e5ecfad4135bf188d924145b369607abfe6ad153e3f5b0b52879d3dc345f00986040cb3897151931e3b2ab83864570f9ffbeb4aef969fde2011f

Download Submit