5f4c661a48435c2f36a318eaf46048345f2032a314305fdd19ac49c917ece518

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5d91b6b05eba83e0517ba7c6edd8d80N.exe
Size

93KB
MD5

c5d91b6b05eba83e0517ba7c6edd8d80
SHA1

9aafa0b2dbe92fee61b576671c296b16df2292db
SHA256

5f4c661a48435c2f36a318eaf46048345f2032a314305fdd19ac49c917ece518
SHA512

f0780e873073a0c3a8b7e1a13bbdd1d47974ab8bf9727f496c1fd4bee5f5fa9d300197288b909a3842755770cb004444732ed4fcc923d8fd76e7d8f64c6d4a51
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhR:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsY

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (333) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	c5d91b6b05eba83e0517ba7c6edd8d80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c5d91b6b05eba83e0517ba7c6edd8d80N.exe

C:\Users\Admin\AppData\Local\Temp\c5d91b6b05eba83e0517ba7c6edd8d80N.exe
"C:\Users\Admin\AppData\Local\Temp\c5d91b6b05eba83e0517ba7c6edd8d80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
94KB

MD5
77af03398fb90493bec6bc1e892afd2f

SHA1
361e01e923f831798b5b61c084384f8806548fdb

SHA256
3c5dfa876ec78bb119f34c859562c7c23042ca2c2790d5afe18788bdfab609ac

SHA512
22040c3ada2feb5b78097d6f24bac9b72db57389494a90c7e351ba3382992c67ae212f75fbd1f29face482bd4fb22ec25d2312d2325e09bf5b0062fb64f04377

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
5bb5c1d94cbbc3c5c1bc8d2f2e1a5807

SHA1
f6190ae92eebef3afacaa60c43b1f4d33b8bfb5b

SHA256
5d615c1dccf08a406698f2f5031992a397c3fc3072e1be64797d2587a7fd9890

SHA512
e49675e9f7d36bb272ea616a961af9ce0b24daea5dac7b637a274dfcffa76bf1a8a18292e13188867e46168f7611846e7289637ed59164d3ac10143eb91e8e86

Download Submit