91b520d1905edda4a5e839da333fc8af4ada75db7a17c70be378827c16754e5e

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b39e20e0353415673b72587e926dbb0N.exe
Size

55KB
MD5

6b39e20e0353415673b72587e926dbb0
SHA1

6b18eea6485201a9b880242d1a94905806d90631
SHA256

91b520d1905edda4a5e839da333fc8af4ada75db7a17c70be378827c16754e5e
SHA512

d05a6450f8c5511140fa5ea5284243831523e0bb1a49a5c68274f647c13cc1fbd3cec4fb0de2d5f6d23cd54e325a07cc79bd29416e83a325cb9d4ea2b79f76d7
SSDEEP

1536:W7ZhA7pApt9uw1vo6YEBWqQA/QZl5LenTpnDr5LenTpnD1UpCUpM:6e7WpHusA6YEsq5AN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (338) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	6b39e20e0353415673b72587e926dbb0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	6b39e20e0353415673b72587e926dbb0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6b39e20e0353415673b72587e926dbb0N.exe

C:\Users\Admin\AppData\Local\Temp\6b39e20e0353415673b72587e926dbb0N.exe
"C:\Users\Admin\AppData\Local\Temp\6b39e20e0353415673b72587e926dbb0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
55KB

MD5
16a924b28386e3db7d4d842c230a3fc1

SHA1
29e1d0431d581335d1f19e23ff625f188684f93a

SHA256
92cbd471957da5a58e30e9fc4168e462636d2e60b5fa56be18b4337df5f3ee4e

SHA512
cfe8097de90f6652b014bbb2b9b6e8d00ec84a4817643f586a0cfb5d573576d8c994ee9397e7a2b7f3834184b246e07e6bb351831b7f8c77c88b8cc3def0e2a7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
aa352adc480641fdbd9f6b20e1d765dc

SHA1
ac59eb9083f62a88ff33333ba3c6163a02609a86

SHA256
c5373882b8ab8fdd2f101c922c6416e745eeb6b82b930d88533839463e5908b3

SHA512
529e8b3aff409b448fcac5a003163f2c36f9857ed141f6c20399412e84c715e3308f0df2cae2d7729ecc4ffaa20467f79f5d0e710a6ebe07de8bd76a6cd522da

Download Submit