e95c56c909afba6dc3a232b04dd2dabf26b28ebba80cbf3aa15b86bb98c4a416

Analysis

max time kernel
150s
max time network
15s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

104048caf3a1c116a5c19f582fbefc90N.exe
Size

72KB
MD5

104048caf3a1c116a5c19f582fbefc90
SHA1

431d39c8aad32a72a5fb23a3fe3b8b217de3e87e
SHA256

e95c56c909afba6dc3a232b04dd2dabf26b28ebba80cbf3aa15b86bb98c4a416
SHA512

a8b4a0dbd3a8392acfc6e363b66810fbf541e5eff18fbe31f72090c7fc4b529a0fa3be2b1658961a520278a74c69fced83686a3af4721575ae51dc13955a3a1d
SSDEEP

1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZv+:6NLWpCZIzjwHwE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1030) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	104048caf3a1c116a5c19f582fbefc90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	104048caf3a1c116a5c19f582fbefc90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	104048caf3a1c116a5c19f582fbefc90N.exe

C:\Users\Admin\AppData\Local\Temp\104048caf3a1c116a5c19f582fbefc90N.exe
"C:\Users\Admin\AppData\Local\Temp\104048caf3a1c116a5c19f582fbefc90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
72KB

MD5
16ae921a3a8cd17a17ae5ad37c267695

SHA1
7f1dd091215a270e092f45e595be4cc4c0a34719

SHA256
6927d591360c029c7391d0c07b3e8341589a5f53af8c6d8f92b8bf352d84de04

SHA512
316edffc909f43c5381b38cf92f5fc5cbe1acdcfda1ad47319bdc46cfa6e5022500ae1db5875645c472014fead7904ceb18d326657e3408995a618120c4edb0d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
e8f6726978d0f912c2ac67037709543a

SHA1
80f9e7e10cf7880a43b46ef76277d6bdb8d1498a

SHA256
72660cc8434c2e2f1d67145ea41513be38a45fc8711b64db1bf3140e0319f142

SHA512
36cc28c9be8cd100839fb5636872469b77a58fcb468cae9185b27cdaac538c9dc22db68ef3f6d5d88b7dcab8fa740c48c811b0a8445f328eb3c1005b5ff0b5d0

Download Submit