2ab1a99a65a75c4536f2ffd2c92ee8539524abc600108dfa00c7844c1740caa4

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
Size

39KB
MD5

53b8b6ad33b6cf9c84f00aebd4f68bc0
SHA1

225d0d62a5896009586551660239a1003c376eed
SHA256

2ab1a99a65a75c4536f2ffd2c92ee8539524abc600108dfa00c7844c1740caa4
SHA512

438be90dbfb2e03b73de8d0b43d31478426a1bfce7eb5525a32f404d883277f748a2521612a8b01e0ecb4aadb79c186c47043c5868c548a08f128a94ed5e13b8
SSDEEP

768:W7BlpppARFbhjbhPKueKudLw1GJTx11EOJTx11EI:W7ZppApB7ejEkjEI

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (506) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe

C:\Users\Admin\AppData\Local\Temp\53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe
"C:\Users\Admin\AppData\Local\Temp\53b8b6ad33b6cf9c84f00aebd4f68bc0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
39KB

MD5
87ac9ad931e9679375229304cfe899e5

SHA1
6ed00d1437b0c00b7a4d2ab7c65ca04a1183a966

SHA256
1bbbd33f78db1d565a5e03f35879cce32d50a0a956c37a695503c8c47495e618

SHA512
96bb957037b8a51f073f811b2ace114a4343baaf5431db16e2263f991e91bfa337e328058856d1e85f58bfe8bf1b9e1f07013f6aaabc1e8358eeed2d8a06cb5c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
4589b0f0ad49c907ca2117d03134e92a

SHA1
702931ecda061b8f51afcc75f304ef8276c4de5f

SHA256
88aa926401fdec36b80712afb27ef52e87a996a34f77718fe415fac6a38bd6d9

SHA512
f9c16baa9f6554cef7b52d8a86e1b36b773ee06a602941fb139a502aa94da1e4f03aa7ffaa9c7134470c8dbdb65d67001cd136c0a152cd1f1d80bd2a8629bafa

Download Submit