b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
Size

192KB
MD5

efb64f7044e94fe118b84123e2cd4470
SHA1

67912994a91031cbad312ef8db4860a1ca2c42ed
SHA256

b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1
SHA512

debced1a9c85bc6d389aae0b577f023f2125432f9409011dd840389da0f837d3904ef9bdd702e2852099ffc9af0e1a3c8e4311bf072dcfff0445a7e9b3b9d297
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeI6B/mC1cRk5O:W7ZhA7pAp6dLhO

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (259) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\ApproveExit.shtml.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe

C:\Users\Admin\AppData\Local\Temp\b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe
"C:\Users\Admin\AppData\Local\Temp\b182b95c9693fbebb28c02a57c3ecee6ac3288d9190c12d89ca7d4a2368535a1N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
193KB

MD5
abe54de5c323df7dbdb79066b2643623

SHA1
1c2b00c29ffb69098f0432db21bf75d0457b4984

SHA256
d0ead7aa855d199142630af41442f04940cdb530c04bc098868b40b10963a47b

SHA512
494dec2ec27725caea380a20c9e0b9121920ad23240226d972e8f5eb05cddc7b3de33b52d60127428ed713356faf54b126d94b23b033ba18bc533760600576ae

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
202KB

MD5
0894d9c38e8c71703af058b9323c7ca8

SHA1
3d521aa73ea7ef390cb11e879d695de1d4f33288

SHA256
ed4c3f8f1a2a4b5d3b595286441fac2a3eb59d5b7f07c513d67d6012d8df6657

SHA512
8d0c1befccf24eab780a006bde66e404b07315332ba8fe84dddfeb3cb687cf837a511d6540b9a60224285a0c14d334418cb59500ecc7a97da62f86a73d2a623d

Download Submit