3ecbc7a119418dfb1f8310bb66653dbe3e170620dfb50158c5900202d28a31f9

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 23:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d3d6e7211b822e6cd25dad1e9692be0N.exe
Size

61KB
MD5

8d3d6e7211b822e6cd25dad1e9692be0
SHA1

ed6ddb6949664f75f95a918a389ce69159ddddea
SHA256

3ecbc7a119418dfb1f8310bb66653dbe3e170620dfb50158c5900202d28a31f9
SHA512

c5f71d23fcb21b50d46fa0df27ec78824a5d811947b78ec61b252cedb3cd672faa5814f0f08710fa2e1ee4becdb46de86052507621342ac6cc375413ff5d5121
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/GG2GQ:W7ZppApBULcfpHLcfpX2/Nw/Nwmxd1b

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (308) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	8d3d6e7211b822e6cd25dad1e9692be0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8d3d6e7211b822e6cd25dad1e9692be0N.exe

C:\Users\Admin\AppData\Local\Temp\8d3d6e7211b822e6cd25dad1e9692be0N.exe
"C:\Users\Admin\AppData\Local\Temp\8d3d6e7211b822e6cd25dad1e9692be0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
62KB

MD5
f9d18be91211f123e262f8803eb0aca0

SHA1
0f821d6bbcb3f2fc4a56e88503a3e0a55677977b

SHA256
ba3833717b2684a9a20a8908316b7ac95c953f9ae0c0678b256953eff986ea83

SHA512
53e1fdd8e3b1193c27284b7c35a3e4ccc78eb398f89debbd5633f8314e2e4b80897f279411b60a888cbe9217a8aa0f17ea51aa2d35dc082298970c885eebf62f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
50d0a8120ff437faa2b3f7b74d195102

SHA1
fac60eac1f6b70e9cf9928d36c0e28424a37f403

SHA256
f268e1aec4da646b2be0007fac1ef259ace974110d132d7644870e35f24ac537

SHA512
d07c3c58c5b45d9516115594a913be30039cec0542b945b2018757593ea76d487e28b6ce75266763bca5a550e36817cfabda81467ce79b7ff16b3c565679f65e

Download Submit