328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
Size

42KB
MD5

255911de74756ea286dc684db78bd450
SHA1

11d11069fd445b1a6ca1dd47b2b60fb598e05ea9
SHA256

328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041
SHA512

1aa453cc7f2d8ec2b59ac8407a58fec92543bb8fbc229bd372b9f9ac1133f1df0c2fe3629ecfa02e7f911704108328e9a8e27a209a0a55ca99022939951aed55
SSDEEP

768:W7BlphA7pARFbhL801VvM801Vvv7ChzVB:W7ZhA7pApw03vR03vuh/

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\CompleteInitialize.php.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe

C:\Users\Admin\AppData\Local\Temp\328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe
"C:\Users\Admin\AppData\Local\Temp\328f1be945f46d0effd664d5ef8bbce2b30a09b6c9b5329093b701e27fa90041N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
42KB

MD5
b142ea59f96e3e4054f17ccfb192e4eb

SHA1
f450c087ea9041bac36c94d7c453f22184efe1c5

SHA256
8dd93ecb06a8c3d1f233cf07242a7aaeea9e576da3978e74767e52159b423861

SHA512
3890c60e50586120275c1c46e4291f71f3c16a858f1cb2fc38bb990417fe70bd794770f2d78938b77aaf915b6d66167994f64c0f9c8a6c7242a09b45c3536d54

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
34c3d66bdc49377a7d593712987c0d58

SHA1
22282d42bcc9e8eec54e1d4ac86bc01e9dd5a517

SHA256
fac1eacc8dbd9b4b5a6387ab955f2a9f8db7b8510d346a7df2839bed0f6b3cf5

SHA512
15efb4bad3561620cc3f0f792f3e47e2330106fa6a65d4ac6e2db9f7e4d7926c837a23c0d83e5bed61f366990894e583660251ef3e0ca665e44b1a791251393e

Download Submit