b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfa

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
Size

43KB
MD5

01aa80959ecbd8a643f1b91f3fdc6980
SHA1

5a23f0e5c20684dab374a2ecd02a8a6da44b9f9b
SHA256

b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfa
SHA512

a7faab22888c67180459287ae71e64d7267725162ed3ec7a3372077fc9cc823c86860de67f76aecdd388db8e022a99df13c00d38d8c94a0cac4e688365648a30
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLJJ5UJ5aM2M4:W7ZppApBULcfpHLcfpyDaJ5UJ5M

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (344) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe

C:\Users\Admin\AppData\Local\Temp\b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe
"C:\Users\Admin\AppData\Local\Temp\b7e9837244828cadcc00baf1ed5926e4be36828750d01156e1fa10f1feceebfaN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
43KB

MD5
a3b95ce799b3dde7627b5c0565902c00

SHA1
f5e7c2b451ebfdfc48a95c66f4f0da07621ed747

SHA256
4868e39704e08c1f62d5fc4fd4eeb1a62e61bbb3eb82a84c39735860dbf74137

SHA512
e8df0131f553849096837d37cc953b6585bfb8ce1b3a9c9c9c0dd02a89281b74390969bf1581fe829673ccbdbee416bd717d0be7d40360b67c34b3cc706fde38

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
eac12476e1e81778ce10c184158824bb

SHA1
07151a5f049df19d6c283f5525d029f027a74b80

SHA256
dab7e5d1498bec76c5f27657bcbc3358b4ead7487e5d16120c5b8155a0ebc4a9

SHA512
b0d65498b4514995bec1ec0fb41807f69273314b1940c754ab095b839c22a06cb2b26e81895e9593c389850811b01ce1cb2540fefa82644a8020aabf1a921af6

Download Submit