a0d0a7279bc5593e5c270ad07ea8fdd1c2a4425627f2c1260eac6121d0c05b01

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b391671d351174886472f585ceca6740N.exe
Size

42KB
MD5

b391671d351174886472f585ceca6740
SHA1

7c46ec121ee40ae20618f04c0a0be2c2c1f1bbd5
SHA256

a0d0a7279bc5593e5c270ad07ea8fdd1c2a4425627f2c1260eac6121d0c05b01
SHA512

cfb75cb4d4ec50c0a1ec064cc5ffa306a1668b321b315232a16c5af9a18e4ac6179efdfa7311ab2edefaa945767faf655fe9c8904b9b2a85032fd46d4e6979e3
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LOw2pqpF+i:W7ZhA7pApM21LOA1LOrwL

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (332) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	b391671d351174886472f585ceca6740N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	b391671d351174886472f585ceca6740N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b391671d351174886472f585ceca6740N.exe

C:\Users\Admin\AppData\Local\Temp\b391671d351174886472f585ceca6740N.exe
"C:\Users\Admin\AppData\Local\Temp\b391671d351174886472f585ceca6740N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
42KB

MD5
3b840253dd3d423ff98b6d5e1ae62722

SHA1
a8647719aa0cc5a1a0991800fe3903bf4c2f5c75

SHA256
93f8a08c4e229791383a8ccd1e1244f484661b7ca7064c7cdc717d57c39e932c

SHA512
ef192e2f7f023691c4452f31cd0677b36fd13b32dd9b1704f6056d59e1c6ab2ecc1f715135792381bda20ed6478bd9e289b48523081190b47e778cc63d85efd4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
c3afeef7a6400bc57cead2433e92f8bb

SHA1
8d5e539ecd1dad981d30efd8572ceb9359ac1759

SHA256
9a93a8e3a7ab2e1875d6aa808dd57f3686a46c5880df320672e241666da30a0f

SHA512
abece0709e57a4d08294d4a3542ace608d1aef8c72d8586421c4c97e88224b9faf193773254720ef730b9d672c25b4b8fb95897dd53e848f2c137545f08eb473

Download Submit