a96a7a50f489c5e05551c511df4c1484bef5c90857e9e049d117dbb90b2f004c

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 10:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6a746110de9356c0afb6bd67abce0f0N.exe
Size

63KB
MD5

a6a746110de9356c0afb6bd67abce0f0
SHA1

614d13fc4bb0b7246e2e0f2ddb478dbcdf4bde3d
SHA256

a96a7a50f489c5e05551c511df4c1484bef5c90857e9e049d117dbb90b2f004c
SHA512

82a080a1c98e0672a1a48df9c638276b15e89bdb44e503d88d6d775ec3f7c2d083e3f8c8f31bca5a61237804c75a139ca0290cbea3c94fa6ebb918cccf3a3a07
SSDEEP

768:W7BlpppARFbhFAxCxhCBhCoTb5hK8WKnFIMK8WKnFIX:W7ZppApQGa9hKNKnF3KNKnFu

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (318) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	a6a746110de9356c0afb6bd67abce0f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6a746110de9356c0afb6bd67abce0f0N.exe

C:\Users\Admin\AppData\Local\Temp\a6a746110de9356c0afb6bd67abce0f0N.exe
"C:\Users\Admin\AppData\Local\Temp\a6a746110de9356c0afb6bd67abce0f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
63KB

MD5
e00c07f322a62e20f1697fa2c984d6fb

SHA1
c3bccebc38fbc53c6629d90fc3d40db8ee924068

SHA256
f2f1f1c53a70fe0313fdab9731e38cbb1170652058953801c1db2675f0d4bde0

SHA512
0a4d0312849d112077d8e9f7764de8674b2a73865ffde044979968023c9637553e63e6b466a3148b748da3915d0bf25308f54b9cf1a66284cb091f79dc148ef3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
72KB

MD5
5f02b823869962019877588f6a295789

SHA1
5c0d99cc94b3016d282189cd6e4afb4e1aad3c36

SHA256
d18c6ea10efab1f1d6cf16252341ff58763a93f1e6355b3751df7029e128ae1c

SHA512
85e6b6343463077cc0447a85d3a17a04de4735ab69ff6d6de74f0c2cf2604086428dce53b54e3fca67c40b806051fc90a80168e9bfd10a5b70c6486fa07139f1

Download Submit