228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
Size

43KB
MD5

e24bcb86bc139a4c02509e99d33baa60
SHA1

d4a41361c25246078dc00a906fab242076776179
SHA256

228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80
SHA512

7bf6f8afad7353727d343faa36f3aceb34f2264dc5300c819c36b1a1280dba4843aaffd172dc392f5e75637633a0ccff2a7d5266ac57ed29a7e54e039c60da5f
SSDEEP

768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5qrVfZfI:W7ZhA7pApM21LOA1LOrtkpt6UrE

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\EditRestart.dll.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DebugFormat.ppt.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe

C:\Users\Admin\AppData\Local\Temp\228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe
"C:\Users\Admin\AppData\Local\Temp\228310effd406399e1963e44ae2b927a125aefdedbec708d6146b4b40e767a80N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
43KB

MD5
fcb63c986820681a9f6d2dd33daf8202

SHA1
e7bdeab9815f301324c899093b42d08e829cb6c5

SHA256
c9cb63009816b3c3f78b585fd9ab963b582ff010a750d47b8818145a44a38a93

SHA512
f18f148e4fa3ce83a45250fd5155f622cb5a25bf7f2a2228175a47da0cb39160018c07d0276cb75bfa39465d27a009b85f6daaec1d001df16a09d83e53aba8f0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
08bf080332d57b001e6126ab995ad81e

SHA1
f7913093bc1e2313270c941ed55aa62bf31610ab

SHA256
553f796e83b7930255224f09584647eb4c0189e75618a62fd3a65bcefeee21f6

SHA512
d880d6f8b8cf3dea3e1958dc74bf32d939830ed0d0eed58c4e5f3d8160cdc6ce402883f4d4adb2565108435f7d5e73830d9af523b01d74a0a851da76a717b170

Download Submit