f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814f

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
Size

46KB
MD5

f86cd6f31bf7dd6e16033f9e1a401d20
SHA1

d8e994b57adccc29fd6c28ab87bedee0e1b8c0af
SHA256

f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814f
SHA512

05087626b2f441b0dedfd8e761583ac4e2decb6a707ccca1f67675dc7862ca6976ceb8f359b7659bee19f71d749d3884c667044afc094a1fdbfdfea7eebec41d
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJilqGelqG4K66CPK66CuJ:/7BlpQpARFbhq1KtGFGxNCSNCo

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (329) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe

C:\Users\Admin\AppData\Local\Temp\f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
"C:\Users\Admin\AppData\Local\Temp\f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
46KB

MD5
ae23ed9967e0f757d833fe9f5f90f871

SHA1
15a694c103fd634ad57c0e1e41134a740220723e

SHA256
772512833e5eecb8e897a3e35a9a73db30d352cdc61b95c865c26aa2a183d362

SHA512
77181bf470e6bd9a680972be376224ee602d4fdcb84e43c2a0acb6637cb3e899ddfa9c03a5928515409113373b198ee9d01e5a9c2c7818b8538add23295b171d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
88b43d4fb6195fc3de6553725f08dd79

SHA1
aeae3a6280c1d5c42561fcc144793ec254839650

SHA256
b602764d12e11355a28e5c23979af5010c877ba58b1601e4e5a87f34974bde3a

SHA512
712749e038f2d3b2f46374f9709ecf555d0412d344b11845845c27909466033a67217ca295936a5e05f43f3c013682c90b00017673abea33794a6ae797e20779

Download Submit
memory/2252-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2252-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download