a988085ba5e2e6b458b46936525d7fac89c64d99d5dbed5474680a132fafbad5

Analysis

max time kernel
157s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
Size

103KB
MD5

500837d9b424659fe8d003d5c8896931
SHA1

c6ace3849a7303d6ce3c08a3f8216cae92b44382
SHA256

a988085ba5e2e6b458b46936525d7fac89c64d99d5dbed5474680a132fafbad5
SHA512

359911deea699b40973361e28def6eb513d090e30246ca6b8716606e86e48eeba9a8ebd61aa069f13360af38d952c18d3ffb4579db901114bed3cfa48ababa21
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBU:PqFF2Ie+efsL1UabUaG

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (226) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe

C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan.Danger.ATA_virussign.com_500837d9b424659fe8d003d5c8896931.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
103KB

MD5
778fa685a72464f0cf588e8e59027c28

SHA1
fdaf591835ecc4c645a17f379c912d7925eb7f83

SHA256
2277a0ae971df28230d888676fcba04ba775f92bd61eb00ef60132fabcd01980

SHA512
0ca2740b20aff1585204fe9bfed9d47644cd2435d738f6515300d451cb3977f5685833eaeff57354fb5cca1bbfbe1ea86b96434080c8a294d18e8c23914ba635

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
8b5341cbbf5a203b1cf48001202e9d3b

SHA1
4d46e9669712d520b8e6e3037b4801e30a0c66a3

SHA256
91e951a9f84998d7634b677a03f2e3aa8a1edbfe2fb4551d55181990491daff9

SHA512
0aad5a20f345a4e0dd9b59f13cf364c8c93f198876402f77a56d9a46e5c53cc4539e6bb321a966e02d02e43523f590ece6c44627c9925cb2ec839cb6615e067c

Download Submit