16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
Size

37KB
MD5

155e2c01b64201fa68a3fd094d2f0741
SHA1

6b4da082998c289768019eb4b7a7df1e91b2fb35
SHA256

16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5
SHA512

8897ad719ce3d3669fce576d85146fd7d5cdc8f7f225508702702b11cea2da3e217225ee7dcde54d18e5a7647633b2221ffbb0462b9c54fc08b6732573972c69
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxje6OMmy6OMmIkU:yBs7Br5xjL8AgA71Fbhv/Fzzwz0bNs

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1035) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe

C:\Users\Admin\AppData\Local\Temp\16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe
"C:\Users\Admin\AppData\Local\Temp\16b97c3324633740036df70b8ce687bc227dda65288bc404152d43aa4a5226f5.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
38KB

MD5
c0eff908722a00973e537ce1c07b917e

SHA1
e5245a8bd6f3220423470a33980236353c3d9aca

SHA256
20fa1788b5b22b2e54e1683a6b2f1eaaeead12ac7d1decfe790dcfa3e0016b5e

SHA512
526b4ecfb75bd6a8fca3f24d9e7bcec2604c84474ec9f89d77dab2eecef7b3bf3591a622b403ef905b0700f1aa08e235c06ff08b187dcd9017961b59614f5451

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
3ae45518fa5622c9df635579e8338c96

SHA1
720d4d2284c3ae48a9d2c06a958ca15d19ee9f86

SHA256
16a6ce7f324382542ac388d4efe6284ae6d4e406050578d974038fb3b56aac4d

SHA512
e10862a564d4434c4bb40bed4ac1df0d350dd33ed1056f4c0dda6ed7439d67b97cf0c7d1e89096d925abe5ee7a5f2ea0efddc341bab7281358af35368eee9e25

Download Submit
memory/2388-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2388-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download