45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
Size

85KB
MD5

15b0500472970e36db4523e54c5f50c5
SHA1

0085a748187dae428b27736468e825461b242875
SHA256

45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7
SHA512

f725c839b4cbf26d285d4e93ef83ee72b94a4b1e9057ed1aab00a2efa1ca4cc85c0c12bf098f7ba7d28deb9554011ff599b8957392bcbf62dea8f277b9ce2bdd
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzY+:6e7WpMaxeb0CYJ97lEYNR73e+eGGN

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (631) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe

C:\Users\Admin\AppData\Local\Temp\45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe
"C:\Users\Admin\AppData\Local\Temp\45d8b8bc7cd8ec7691b9962dbe000d3dbac9bef966c419483fe3645aaf5263a7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
85KB

MD5
e01f569e11fc7ebb2a92e0028ea8ee61

SHA1
54fe62e4d55b401e41cb5d9e83c15a2d9aa8d134

SHA256
dcdbe937660efbd2d6a63a15e89430ed8acf939fbadaa28125cf58dab1ea4f3e

SHA512
63456910601eac082df872bf9e2ff9e5c5aa0d7029fd7b175bf6d3fc4f5a058e1fe8b846e59155215131761811c73b1df6c83b6ade586e10964e667eb69444b4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
7fd2bb1de77227f352706f28bb0775b8

SHA1
277029e8f76934917aa0c46856d5b9a3c2da303f

SHA256
ebc085c68f59bc84897f4e8e5bb6f0e1689bb87a396a2e14d79908cbd9325731

SHA512
21f51a4991e8fcd105f4c6a9dd9675864d6de966239a47d2df12a79133e895fe4c51712d2ea46884261b15c3d057e9ad0db24af2c6d94b7b5f90884a042c4a01

Download Submit