460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
Size

74KB
MD5

1aafd1ec810061b0486188f308434850
SHA1

bfafa56347bcf9b47036adcefeaddce4ae5eab2e
SHA256

460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8
SHA512

1cc21f786844d25f452dd1bcd4bc2656215b0968edf7d8c6d735ceadf4bca6750be27596f96d6fe56e95c15a01f6369a8fcb67ae20ef61115e3691aa843e647f
SSDEEP

1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8zxY5eYl:6e76mQSox5t

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (326) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe

C:\Users\Admin\AppData\Local\Temp\460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe
"C:\Users\Admin\AppData\Local\Temp\460e9ea3f647b37f25b75d4fad8c9a09e64de48af23d878f11bea0603d456de8N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
74KB

MD5
46db93d08c77f598a4c9ec52a1f59d65

SHA1
92282655ab1f8871f843460db62ad9bfc909ac30

SHA256
7079f21eaef88333296e7b62fc264ee71512820cfa5ef4e943a04f04bf3d27dd

SHA512
537ce71a52f81750e749f2a763b821a1bcb7ac26cfd506af0f2606a796d9d1786f06d4d0e298c85c37ed1d4120e8a4f897d57fffd317b06d44b3339e6fa8409d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
3445f1a08307316325aadc6c58baf7dd

SHA1
9d5b39836694ecd6f3a75d60384b6908b862274a

SHA256
765a400348082afe077015b9b30bc79d01193bc1a18bcd593bc70fa2e2761b9f

SHA512
2de6efe83bd7e4f5da718cc200608257227486b1d37c292944e092782f207b826334256ec95693b6b7e65f0e5025f0f60a6bb4cab769b58bec7b53e029ab3bce

Download Submit