16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
Size

60KB
MD5

bb080f7d398c81765248ef6d635e3d1f
SHA1

7ed0f3f2ef139dbe557adbdd364a4a26c0d47fe4
SHA256

16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208
SHA512

81d8ef48c51a904172b529166f28b76eec0148756d065d792d1c1bdb42a57e50a808a8ef1e44dce3763c413e0d4ffa708f7f09908eeb160db1761ee907b35bde
SSDEEP

768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyfxAkJhxAkJU7AiPWiPBXIV9YV9a:W7ZppApyVyjVyi7Y4a

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (509) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe

C:\Users\Admin\AppData\Local\Temp\16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe
"C:\Users\Admin\AppData\Local\Temp\16f98036901f55697113b129d44049e7755d033ba278e1048264be08667cc208.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
60KB

MD5
3183bfc764a5877be95541224448b5b9

SHA1
9a71fa97033db84370e606fb161dd4b90be61b3d

SHA256
6efce6f45bda045692a1310937d4ff986af09fc0280697060fffad1333682e67

SHA512
00886b5ad952eed77cdaefd9c2381af4123e7554656847d05eb54b4f9adbc2c11d4600d98c0fb22627b7e5b8a25f812a4fd165ad9224f503596ab0accb8e7bf2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
69KB

MD5
f00b8e7741f356843b3f17ffda33f282

SHA1
61d412757de1f13464cdda89756b6a47669cba2a

SHA256
7673bdd11e7aea408fdf7e221dbd3bb83a98db801fce9284116ed45971f496ee

SHA512
1929c80f85aa1ae14b832bb855e3d4e07100f282c816b571ab634612bdd2c4454be51c454f614c50e1ca815aac0d68fa46dfce5eaeeb5a1e19e43d13bf4a8de3

Download Submit