54f92d7c0b7a5d2ec5b3f6ad9981ab9d92cf9d4a68b6e0f65c722fe8df6edb90

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13991151ebd79cee2af4d084fae5b0d0N.exe
Size

86KB
MD5

13991151ebd79cee2af4d084fae5b0d0
SHA1

3ce37955084ea94d6df3624675301e3297040cb7
SHA256

54f92d7c0b7a5d2ec5b3f6ad9981ab9d92cf9d4a68b6e0f65c722fe8df6edb90
SHA512

6291a216753b6e9f2bc4b4b59cb2248cd959301059c77d0b582cda76c92b65dd25f4bb754d5ed10f9ac13653f04c5e51afbab9c206f96078986c4f692896525e
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe6:W7ZDpApYbWj2WTWJe+e/qXhgGJr

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (331) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	13991151ebd79cee2af4d084fae5b0d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13991151ebd79cee2af4d084fae5b0d0N.exe

C:\Users\Admin\AppData\Local\Temp\13991151ebd79cee2af4d084fae5b0d0N.exe
"C:\Users\Admin\AppData\Local\Temp\13991151ebd79cee2af4d084fae5b0d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
86KB

MD5
80f40a1ea4c0e9fe8dbbff3bcd8c197d

SHA1
926c66d9778326f7d70a92a1661c1b7de08c7aeb

SHA256
2289ee725efbe64433f5ad4185a0678988001324be447055068c574de3a6ac4f

SHA512
3d7e4abbb7cc219c36995a3b359530550735e84ff86100b204098470a151e1f1b0b9664e4b61bcea2858f5133d9e87be933bf6a2ba1e5518a04d0582aee15f66

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
331d97eef49a1d6ec655b704a23e8d5d

SHA1
842d39d8539268a695e2bc71384b0827472a9284

SHA256
cee5b75a230998557a8cbd5138b785b658eb7c17c8966995f38f08c6140ef4ba

SHA512
3d99ae49bbd6c169ace5c81ff7e2c6e61dd5c51d7e90436799064fee83c12409405f0d3b73d962e45968c2be7e2b6f52a2d886aa2cd1df213cb9a5c6dd33d3ba

Download Submit