1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547f

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
Size

89KB
MD5

7d91b231801f86da3edc75974ee43a80
SHA1

5262e6874e861fd2c40b28e2abf284b493d469c4
SHA256

1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547f
SHA512

6071f01e38328bbe627a6a246063f8be5f67d4417fc193288133a5e33a56d7f793af548631ec5031106362996382fe56ab0b224c30f074a9de09212aee27eb96
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5GT6SsDrgg:6+WpDfmRfmh2TSDrgg

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (575) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe

C:\Users\Admin\AppData\Local\Temp\1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe
"C:\Users\Admin\AppData\Local\Temp\1313e2c58565595760ee965daef570a780ff49a27924ad85f48dd9d3a819547fN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
90KB

MD5
17a7ad4d5eb5141636dc3670af376679

SHA1
d7c23979c3586a9f9693880e8f4e07437d4056a8

SHA256
a2f44f4def1e173b170fc58452350deeeb850972d993adc1746397ff17544dae

SHA512
28c7bf009850a471f034c3d2acf7714e026b7b3663edea527adec0a848d6ee3f201812479f78e298774a153e35521f8a72d2069efe280feb63d36100ab43d798

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
99106b2bba8e5baee125729fee3b3fa8

SHA1
dec52f7f72d12802f05588f818ef968e73862bfe

SHA256
a786fc8034e03b5737b7d6232338834b49487559ed8ca9b831bf8d348414fcfa

SHA512
f7b759fb8bedf62d1e18a1c28c351fb48239bab764d9965b5e52354a339cc06df3b92de5b1b184fbcd34191f6d3c74f02b5158120a2b83c66ca595eb8837c3c1

Download Submit