d31bf76aaaeeca973ff1e4a3648eefd638977bd5409f47ac576be4ed65a48d89

Analysis

max time kernel
120s
max time network
15s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

341962d19972c5a639b315c9ee796cd0N.exe
Size

45KB
MD5

341962d19972c5a639b315c9ee796cd0
SHA1

c2d3ecfcb041425822209ec75e21491c2556c977
SHA256

d31bf76aaaeeca973ff1e4a3648eefd638977bd5409f47ac576be4ed65a48d89
SHA512

82f3442307c57f0f04bb2fd5136d23ce93dd2138f840e0ff4ecca2d4664474377c1ae1a255c32c960144375ff0239bc5ceef93a495cdff3aae5a16f6811f4f22
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOd+KF/MF/i:W7ZhA7pApM21LOA1LOX2q

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (340) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\EnterBlock.xltx.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	341962d19972c5a639b315c9ee796cd0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	341962d19972c5a639b315c9ee796cd0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	341962d19972c5a639b315c9ee796cd0N.exe

C:\Users\Admin\AppData\Local\Temp\341962d19972c5a639b315c9ee796cd0N.exe
"C:\Users\Admin\AppData\Local\Temp\341962d19972c5a639b315c9ee796cd0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
45KB

MD5
5a8f629c12f8168540459f45e7e3fee3

SHA1
82c43ab5bd79ddc2249258f4f2ea28a297144c03

SHA256
211f02ff9dbb1b15de187d98d3d8b70af3daf88e1794b8e860d8a1f0883ef48a

SHA512
92d57f1d0447097a45429a75694737abd8a3aa1993e8551549c792a9f39d2f6f6d4e952e7bc9e9971ee02e3c0ebf97e0f7259cadaab55108dd90b26b594b020d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
1ef58b13b32fc4d46766a3a4f0723ff4

SHA1
6ba716af7b7a6125b6906d3c7d2975571a07b0d8

SHA256
c1e0ab8a72a830f4860f1a4c336cffaf9f0e9cb92321d913997fa26ffa3cba53

SHA512
5596d971fd638c5434bd3fd7f36b72346f73735251889964ff30c19948947fc6665fc23586425c083f7001221c09435f9f6d30975c0b887a987868296ba26b02

Download Submit