da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355

Analysis

max time kernel
111s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
Size

56KB
MD5

3a211e07e8fd6856951070bf7136061a
SHA1

dc9d92f6b214869aec2f4f337f91d35c8b2b319b
SHA256

da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355
SHA512

4792a564532569b176551959294860a6a58c5ff799be14ba2d32edce06fafe2385fee92d27e8f3f00f6c0a08d71b34179002f1ca004a2bfbdb32199fd3d993f5
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0aEMdV8IEMdV85/5:W7ZppApBULcfpHLcfpX2/Nw/Nw4xa

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (259) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe

C:\Users\Admin\AppData\Local\Temp\da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe
"C:\Users\Admin\AppData\Local\Temp\da306b1ee2eaee90022abb6a664dd2061c725920eb291878217bb99b52261355.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
56KB

MD5
7c448b281d905bec47e7bcd8340b9a27

SHA1
b98f6ed1d6579beb3597ddccad520c8cf8069b4e

SHA256
d031d4b0b44fdd18a9fede1393ffba64d98cf7df10b189231d4af727fedaa7ec

SHA512
03d90b219cc38eccc3aa54e8f91f5b8551258a35b3d7197a2b1d28ebd312283a522aaa12d1068707f8b96c79c39e78e37f9135cdf757bc9c9d7904b2efdc4be1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
3ef2703dee6bfc020281e625f5a64ed5

SHA1
bdb40f27eb7fdced65fefea5f71a797020cf88c0

SHA256
c1cd1e3622be9a3eb2c939c99806f06d24c5ab65bee8bf7ae1c033d8d192c030

SHA512
c48d4d85665991bb49383ac7cb6f2927df29fab250008208878fa65d0142d8f4198fe97007522c9296257c7f6eea8b6b857bc17ca18cfe86b74882d17f8c3898

Download Submit