ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
Size

107KB
MD5

b689c42a1d03100750f62b44b694a0e2
SHA1

c9fc144dc41edf51f6932048f251ef62e2864453
SHA256

ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68
SHA512

b79f4c451113a8997faac8dbe9dd76d724c1b1be23654bbfe00b10004ca71cb7cd784fd6f5accded1005386a581e67a9fa164767da1fd48673d35d2cf6d635b1
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFpsJOfFpsJ6XzlulK:RqKvb0CYJ973e+eKZlAY

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (555) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\HideSubmit.asx.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe

C:\Users\Admin\AppData\Local\Temp\ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe
"C:\Users\Admin\AppData\Local\Temp\ea8f640f74b641340676837fc1bdc5868424387823ae5f8e8c72e863184b2e68.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
108KB

MD5
3b9494aedc3eafd60c389b34060f5761

SHA1
51fa57b62f5e28c279a721aba3fe22275a03a578

SHA256
608cd2e4a709577ce4ce4ad1d49fdd19a4739fafcaafaef275e3c46f34a67a41

SHA512
6604d618df137399e8873403e8d46d5cc3cfbdcab92386ca279d41657d652338567cd0e75997933cd246f6856477e3a1a2f00754ed006b8e5f85b2631c27d6fb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
28dca052a503fe55068e69f3e1cc1b3c

SHA1
cd3a9bab1614675599cf35c914ce38cd28bb7189

SHA256
119b58974c5b5d6e8c48fb43e2a9ce4af7f7451034c21d07bf713a84dbbb9ead

SHA512
35799a891c0f5e4c8b41e807f02d4db451752add1c0d63c47146df345b4eea18851ed55f428145f7b8351221aba0772e38f71cfcb1b910cda3bbcc0431af8515

Download Submit