ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00f

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
Size

36KB
MD5

fc9c7c91c631ca60e4f8cd526be364b0
SHA1

2caccb18e12a29d81194624a71b7a328bd277cea
SHA256

ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00f
SHA512

1f8b238a499ef720feb3b876519bbdd429b2bdab1d50ca564c04ffc192b27fe4a70aa6e392a6441c98eb49b0b371fa482196e8c0ebaba8df8e9f3e048f9e672f
SSDEEP

384:GBt7Br5xjL9A7AgA71FbhvnwR/s4Nkq81LOyq81LOUqKqeUal:W7BlphA7pARFbhM0Kkq81LOyq81LOC

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (462) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\ApproveMove.css.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe

C:\Users\Admin\AppData\Local\Temp\ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe
"C:\Users\Admin\AppData\Local\Temp\ab9d9a036ca72eedd629b0991af6be70c6ee9b6afca73bc81ef5a9bc8fe7e00fN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
37KB

MD5
b3fb3924176a0267064e3e6d1af34af5

SHA1
585e878fb3e8b8875e24af9e5562894335f2a452

SHA256
5276557d98c4449cd71f00d074de808f7808d5bcdabb10e074fd337e291e810d

SHA512
46332122a4c56eb8406025fb7f06e20cb0ad0456be49db132211a849641be94ac9b612a7daa86c624ea3a84faeb8f3ba76a734718234bce8db4996ecada95c93

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
3023c99e4df8c4a90c865c043d65b622

SHA1
a15d74ea856016c5ed58a8d763455dd877e7b088

SHA256
c499654986230e1c4b1017a1dc0013ff635613f7ecdcd867e3c1c0fcbdf14446

SHA512
ded9253b77f5d7e07bff26a6d5db4e97d2787561c0163c4817c76c4b45c74c86ee512f0b2764ffb3c3586570849ce451a37141be43986154c6a7d930a6a7cfcd

Download Submit