17b83e3f9b3ecf4c4e9f21ac26fd6008b824acb33cd4f07e1799490eb453c171

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51df353521ee96ae2c1f1698b9931720N.exe
Size

41KB
MD5

51df353521ee96ae2c1f1698b9931720
SHA1

87d71810e2e0f12f3d997037c8a3d0d2f932fb38
SHA256

17b83e3f9b3ecf4c4e9f21ac26fd6008b824acb33cd4f07e1799490eb453c171
SHA512

02294689d4045d481c709fdd01db4c633d1a733a6bd12aa847f907f9f06342f78700ccbec9406a89c9bf0270924875ad86676f3cfb96c6497b6d9621bce0413c
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyYlM:W7ZppApyVyjVyD

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\HideUse.rle.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	51df353521ee96ae2c1f1698b9931720N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	51df353521ee96ae2c1f1698b9931720N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51df353521ee96ae2c1f1698b9931720N.exe

C:\Users\Admin\AppData\Local\Temp\51df353521ee96ae2c1f1698b9931720N.exe
"C:\Users\Admin\AppData\Local\Temp\51df353521ee96ae2c1f1698b9931720N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
41KB

MD5
969eb1f817a24be070d1b331f82ec1bb

SHA1
f8458b408caa972ba8923898807c24db08a170c1

SHA256
7cfbe2845e40ee4bdabc6a87cb12387b883a217a511e5c4321942fc4790614b5

SHA512
9a11fe148213c85ee8ead0f41f0728ae1fb34d09c1ccea194499aeecc57e097813799d0a1a49405248d3150bf88c811e2fc244511df0e4ab8c3152f598eef668

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
97a18b5db3aa6021d3bd45e139f96928

SHA1
389f53d02ac9f1deda7ab262ea31c9c8281b06a8

SHA256
2199b0b5e989cbfbb821a66564ca5ae0b57d4b195d6e113dadc2b03228c4d9b6

SHA512
f4e2511652f8ac0bb32ace823cb7d5b6696b083ead5e9262457095bd8a9f6f0bab58b76b15d5914324892b00fd017cc9d18bb7af8b3a2cd427f549b03b40f220

Download Submit