0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
Size

53KB
MD5

5009ebe1b4fd483a81e18cba552c3996
SHA1

a2a5adad76f56871d0bdd8e3740e34e0f8fabd81
SHA256

0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4
SHA512

0956dd15da983c2872c4489e1f7c92f2c25008e5a8b2f79824765d556aae02bcf781d06d056901e4697e7ea92ed6293e8b06bbd8a8f5a4b60fc4311123a87247
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyfxAkJhxAkJ5uv4Luv4Ve2/Qdme2/QdAe2F:W7ZppApyVyjVy7bJ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (926) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\GetConfirm.wps.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe

C:\Users\Admin\AppData\Local\Temp\0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe
"C:\Users\Admin\AppData\Local\Temp\0a3c950fe8f77b68b8b7fac97b51df538c18c2930d17908fccaf5a31869794b4.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
54KB

MD5
4ade3ec024cc71a499fb5247ab6de059

SHA1
b459037986c962565a79097953aec3393a22dd8a

SHA256
24d75ff70407ae3cd354ac2ebc8341c3f99dfaeb3093497acad5e8e9bd58606b

SHA512
8bc3fde0d1842ea378718b647d1d3a8ccea4893ab62ffaa83cf2306e2f66bc43ea438ce13aa5d51239cde03763d1e358797147cc84d223e0a86503753162d0e8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
3098fda44800ed3d34dac42998f1fe05

SHA1
228840ab38ceba0492e1bf0e68154ff1b4ba768d

SHA256
04d8a586c32eefd37d1f66f2b8915f01de7795fc64491952838c16d1b41d7ba4

SHA512
fec4a3d84082efbc234d195723b9020bdbd9aa97664c28289c339bca7c36c0e7361acb903e27058e68f743073893884df0cc66a0b0a8aeabd71e114e1408759d

Download Submit