a5906a643bc4f35c6b909deb4123dd1dc05e5244aa14c3e72afb294522a6dae9

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ba6947ac3ad4838f714509ca5fba380N.exe
Size

72KB
MD5

5ba6947ac3ad4838f714509ca5fba380
SHA1

344762f98e1a270f10b581f0d6499ce314b79dd6
SHA256

a5906a643bc4f35c6b909deb4123dd1dc05e5244aa14c3e72afb294522a6dae9
SHA512

a472f61d7e386a6b8df03978d64a271a59002a99e9db7bf264213b65bc1e0d1238eedcff769b65d1baae4eb67653fa73e8019e1779f258afa415dfdc02af2192
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvS:6NLWpCZIzjwHwQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (395) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	5ba6947ac3ad4838f714509ca5fba380N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ba6947ac3ad4838f714509ca5fba380N.exe

C:\Users\Admin\AppData\Local\Temp\5ba6947ac3ad4838f714509ca5fba380N.exe
"C:\Users\Admin\AppData\Local\Temp\5ba6947ac3ad4838f714509ca5fba380N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
72KB

MD5
4e25b932ad197d2970165b6fee5e5674

SHA1
7f84e4f346fe86a2091994c4fc6880a1874b9ddd

SHA256
126d5dec2064ebfaa9196cee679c6414276cc2072a0f68903e97cf8f613461ba

SHA512
c0458f103c0ef54cd2d88e1ad29b3dd0c20a552e3c39a322e434bdc7c581bdb283d5f256fd5eac12508ee45f61b23ada2d3eb451d931bd36a9fb8425daa15986

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
c5f0ec6dbf7f4876362bdaba1e883f0d

SHA1
e86a0abd95413ef022672abe9f9ca90de077790f

SHA256
3645bbb3a8dcf0e5742644cb23928c095b0eaa7886295751bd0d648448c67806

SHA512
f7113f851c3cfeccda6c279b19295a169af372050f626a6f1835fbf7c2d19ff22af755f6e7eba4d714bee6d59a465a3dc0e7f9f401e5a8f602cb1052ccbf448a

Download Submit