6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5

Analysis

max time kernel
101s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
Size

49KB
MD5

f5906834e9a7af5a734958a458f06670
SHA1

fed5c870fb6b4088ca575e208505e0606c77cf0d
SHA256

6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5
SHA512

cf0b6a2dbf671fb4382d8bd4cc895f859143a914bd2c97063a1a1f43645900dd5c24e649a9d3ea4e6bd0173b41d2bf697378197a0744f5cbdff0ce2189647ee1
SSDEEP

768:W7BlphA7dASbSjJJcbQbf1Oti1JGBQOOiQJhATBWvyBh85c5h:W7ZhA7dABJJZENTBWv36j

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (286) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\ConnectReset.iso.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe

C:\Users\Admin\AppData\Local\Temp\6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe
"C:\Users\Admin\AppData\Local\Temp\6486ce00279c21a21511cec48ecd3da96f794cccf31a46f739dc29696ffe8dc5N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
49KB

MD5
0caaf321a785ee24779c5de4d7a0b1bb

SHA1
e21ca32bdf1ab845a015d3b814554c924675cded

SHA256
24bfc6abdbd6255f9d18de06c1921efab687feb2ed0b3ed6f98d81476aa92361

SHA512
4b4144249dbb3cbc447b23319ac030ecc54a2abac1075ff95b8c54cfebdc93ecc12e31c00a42237e4be6ffd8b280e1781f05e06b2d566a23dcea23357c3f22ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
5526274ff9fbc08851bdc01b971c89ba

SHA1
bf3ade5a2079a6dbdcac25807c6b828f08f47d1a

SHA256
02aae4f032545209d30bdcdba350491692fccea06135c451ccf98b7a96a8ec54

SHA512
5d54299fbb7db668e95be899afadd015bce9f3b474344b8beb50cb265a7902e2b55d6d40a7148509d82b47c1f05c28010350c779f29b6ff16e74f89da1024c20

Download Submit