b331aa0a41b5f80da59f82fa7b2c386a2c3bfccea93317f419a26ada70712c3a

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 08:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e50b917d4eb222e4e023d59c58b40610N.exe
Size

65KB
MD5

e50b917d4eb222e4e023d59c58b40610
SHA1

2643f435a41259cd2647475ff1fa1b1d858bbe8b
SHA256

b331aa0a41b5f80da59f82fa7b2c386a2c3bfccea93317f419a26ada70712c3a
SHA512

0a458d9da258c9bf1d1b80249590ffd20593bd8b5c00419ea3ef4656fccd37772e164f6ce2be0afeb5108522558dcc51d9a393ef98f81adf8fe7459e6d6c6068
SSDEEP

768:W7BlpppARFbhWJq5nosMosToFwA9J/iA9JDwA9J/iA9JJiuR9pi1xOR9pi1xz:W7ZppApF5noZo4o3iM9ko9kn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\CloseConnect.mpeg.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\CompareOpen.i64.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	e50b917d4eb222e4e023d59c58b40610N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	e50b917d4eb222e4e023d59c58b40610N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e50b917d4eb222e4e023d59c58b40610N.exe

C:\Users\Admin\AppData\Local\Temp\e50b917d4eb222e4e023d59c58b40610N.exe
"C:\Users\Admin\AppData\Local\Temp\e50b917d4eb222e4e023d59c58b40610N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
66KB

MD5
f15ed14d9299c7c6d1c31f0d0b6084e3

SHA1
674be3453077997f317ea01add8b801191a8e8ab

SHA256
d0c82995924780355c9a5b3e61d906a94f7e4ac195947d2e950caf6ee6237637

SHA512
9f31fa3cdf26e0b42d1b737349ae582920b4682baccdbe2fd77db6295e40e53ae8e09a499d54e403138e70131538928df0e04908192bf46fd367631c244f98c2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
e97e909c8860f5b88930d872c201ab1e

SHA1
e66bd193b68ff3a9a13e7877e71bcf99cf7165c0

SHA256
dff81b77e6bf3f44e33052a726eb187c32da970500a976f386c4768d49910b5b

SHA512
f789730f1aa1bffdf856d5e3ea0839db9f2a736721d905d07ae9736a4a91cfc8e280a89f9c2f047a18b4e9729c0f52b42218b6c27abe0d0170063bce365d7342

Download Submit