1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
Size

45KB
MD5

401132920d6890bd7c4459dc1feb2967
SHA1

a4adb09429caa3acc50d8413dc61b9333befa968
SHA256

1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0
SHA512

3da3354701fd5be92539c88bae43ef706b9481af7120b13184f81cf86eb9bbf3d0ceda301959c98694061fded345a2d4a2803921bc3b71a29d3c5dfd656ef96e
SSDEEP

768:/7BlpQpARFbhefnj0Tjfnj0TPuQogKO4iJfogKO4iJEovdcvLei1xaovdcvLei1V:/7ZQpApouADsovdcvL1eovdcvL1v

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (924) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe

C:\Users\Admin\AppData\Local\Temp\1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe
"C:\Users\Admin\AppData\Local\Temp\1b0769482dfa333fdc32ca57d8d4bce4345bca9e7354a80b792b292b420da8f0.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
45KB

MD5
674fc4fab5c91d640ead94ebd8a3d563

SHA1
ab01e3f40678b2cf08d63437643e297c0b4747c8

SHA256
74c66fad8481d8873e3c43a4879aa132821b7b7bb2a6e36d90221de933a750bd

SHA512
94e479383a271de4f66a4eee2238cbad930352a7317623d7f2d4a212f2e86381a9b03f4275351ca1d305f30ca0afdf3e0fb61f862693880c1ed561476268d389

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
6b5ba42934a6da50db69ae50b3b8fd8b

SHA1
41088b777c7fdc78a638ec26ef4f147b5af44ceb

SHA256
09cfec1e50703af573cb165c1d151238507a8729009edbd7603e71a645eab551

SHA512
1b1dad09f4e59ea588682360e7c61d37554ec08a10f834f74ab2f5b136c8e2f4cbdd7830e6c7a2f4eacfa0feb1955b9ff137c324b6284dd067947b4edd187dd6

Download Submit
memory/2448-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2448-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download