1397a0d3c4297d4eb5d86ee1343e17e3ee3447afaed8787770fcce89b177dc63

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
Size

46KB
MD5

f80f7f04bb8b3613fc6404bd5e13e8e0
SHA1

d39e6e2311dbee422d7707c364b472c123ae0db8
SHA256

1397a0d3c4297d4eb5d86ee1343e17e3ee3447afaed8787770fcce89b177dc63
SHA512

c981573aa7f4a4994c0c7112988397282a5f02759acf4b5fc795f718efe91afeb15a838be2cf30235bf306657a3c4c8e43aecca3bf8fa44f0b496ae9ed02e87c
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfpAfxRfxuKVKgKVKOFx3FxL:W7ZppApBULcfpHLcfpAfxRfxuw1wx

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (463) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\InitializeSearch.mpg.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f80f7f04bb8b3613fc6404bd5e13e8e0N.exe

C:\Users\Admin\AppData\Local\Temp\f80f7f04bb8b3613fc6404bd5e13e8e0N.exe
"C:\Users\Admin\AppData\Local\Temp\f80f7f04bb8b3613fc6404bd5e13e8e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
46KB

MD5
c077362803e0423af61a2757e66f2ca9

SHA1
84ffae2609a0a98a09231270b8d97626b8e7d4c0

SHA256
7854dff0f43ede9a12042e7a43bdf8e10a0311069d3bd2832345c59575f6e6fb

SHA512
7ac12ecff5d2672ed68d796582433cf2324b6b253b5fb17a8e4065b1b051846e844d4f6942e0dacf82a564d7c92a128ffefc9d1d12a349833878f2baa2f38d28

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
f2776800cdf1c163a5d92150d88e5a7d

SHA1
85516031654e8dadbb01a582c2d37308635a15ea

SHA256
244c232a97ff4b4fbf252beccf30916951236d8b8924061db0e5143bd50737f1

SHA512
e9c140b546166a7064708e1719b74a45acaad7e02807c340c738d7f6c81bdde0b5c6b3a1680de66a51cc84414aacd1babc72b940b9ee3ef243bcb602457493f4

Download Submit