5fc08b457c638fd6cbf4b23b29406b6e1510c55648ec4b237b3e7879eed4dc28

Analysis

max time kernel
95s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
Size

51KB
MD5

d9a4b017b3a1d0e37d47e1d446688dc5
SHA1

1636591b73bedd5142279f1981c23e2f4b82ce32
SHA256

5fc08b457c638fd6cbf4b23b29406b6e1510c55648ec4b237b3e7879eed4dc28
SHA512

e8b4945c811c22a44924e2a1531062d3617d748933aae7308529b32f8f4013806a66cbaf53442ff9886f84e85681fa98ba00f71716d906c96b228c6903e53009
SSDEEP

1536:W7ZhA7pApMaxB4b0CYY6Yh44eFZIXHFJV+6Yh44eFZIXHFJV6:6e7WpMaxeb0CYk

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe

C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_d9a4b017b3a1d0e37d47e1d446688dc5.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
52KB

MD5
542c194f692f3e9280e1d8f64b8c98a7

SHA1
aeb172a38257e1e6706b5f56a1f6d7dd0ec08b7e

SHA256
c732565cb4d89f08215b812e0b67720e517b3daacf88ccf3e035d0f8d2144d53

SHA512
e5dc56475926ee4a46311e7e5d35ee77c6567007c784e4971165a7c87a987fe4dc067ce604e3ec16269f7fb711a2cfadf2a5591e86e71220843bdd39b7a990ac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
f03f94ded9ef4a2945d84f018104855f

SHA1
1eab8fc3b356d0e750785df1dca8014866a49043

SHA256
3dca40ad25868b8165bd0ef54666ba394bac4b883fcf577b01bf65672eaf1c59

SHA512
23d13aa10e508b654bbf0c9e256bbdec992dc6ec158bb415b86eec9d4c5a70256403702b5fcde82d9de222a9c969d5621bb1abc62475392f130d7620b3e1423d

Download Submit