cf8cb57a6b494d68375571aaadf0967e2efe8fcb47efd8976c1eded64936bf9b

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 18:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c692864cd28034a9e42369f35a10690N.exe
Size

57KB
MD5

2c692864cd28034a9e42369f35a10690
SHA1

2b4afdc7464a319202be52249ec5865123ee440d
SHA256

cf8cb57a6b494d68375571aaadf0967e2efe8fcb47efd8976c1eded64936bf9b
SHA512

d561b853213b6fbb6490a517aced8ed2ea1130d0421d646dbf48993515b3ae0cc35c4d0982c0d83cccf70c9354ef61d0b351aafd2cb237070f218708047809c5
SSDEEP

768:/7BlpQpARFbhNIiJwsJwwnZre7mdG3mdG+/q:/7ZQpAplJwsJwwnkmdG3mdGn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (403) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	2c692864cd28034a9e42369f35a10690N.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	2c692864cd28034a9e42369f35a10690N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2c692864cd28034a9e42369f35a10690N.exe

C:\Users\Admin\AppData\Local\Temp\2c692864cd28034a9e42369f35a10690N.exe
"C:\Users\Admin\AppData\Local\Temp\2c692864cd28034a9e42369f35a10690N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
57KB

MD5
6c4089f3e5b4438d6f325064238a79b9

SHA1
9c2d4de642083dbaf8642a1a9249edea02164697

SHA256
218b7774e63fc2cf2462ec4379dcfc115e088e64ab84ecd84dc64ba5d9f47134

SHA512
332e3fe1e9bfceefdc616b03ebda6f88cab8d9bf1f41255fb1932f865d5dad7aa65112713507f7e1026d7c1a4d0e2a510ccd40151cb04bd21320fbcfeacb8cc9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
ec60cb84c29d5fe9df3830c87a92922d

SHA1
88ad02e432b372eb62f7e66b33777540c7623dd2

SHA256
2a072339e5cd2c764bceec8d6580e2930068c3f10b558b12dfcb8a8d4a4ba19c

SHA512
71175fc2dea212983bd7ca6302c0e88db3630451577e645ef38c5a02fd547efe5a2d17c3045ed661664e12a83ae7f04c254dfee1ae93c198d120696698a28db7

Download Submit
memory/2120-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2120-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download