23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 13:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
Size

85KB
MD5

2f51447b4fc44954d7e5860fa8d41220
SHA1

2971b20b579c5ecdac87041a5d22d06e69c96877
SHA256

23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6
SHA512

f9db39d6c25b49664515e32ee52f615e836f9ecdb6ec6bce511742c97e2e26d6fa36e20a9af93069949f733b5d10510ccf599b2e10be73035c4451b2906110ee
SSDEEP

1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd55tDYTYk:6+WpDfmRfmhJts8k

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe

C:\Users\Admin\AppData\Local\Temp\23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe
"C:\Users\Admin\AppData\Local\Temp\23fc2900ab95042b35547f2255e5cf568c1611a333ea89d76004896777351de6N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
86KB

MD5
54f9819cc7dd63c7848b48843942dbea

SHA1
9431edddf164ce0707c7e41a0c58c8f68110e732

SHA256
dd2170829e5f5e69a5d40de41e957dec01c098c74796c2f76cab79579ffc5fca

SHA512
cbd2d4c1e87ab77f058e243bcaec743d3d4d986164729a4c71fdf0d5983dff0a0919bb1f643376f452a31364a9b00f08fd010fb3193b444c4ca6b14274c9ea6d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
7f29568d392b7f413fa3bf73add4ef09

SHA1
a09759d90dbfe9c2a7bc858051aa8cc547572127

SHA256
ff44f92e9bfc7815154b1e4b5eee626c93ae27ca40ce65d586296db5110133f5

SHA512
9e9562732c5bb8d5172f0f0a5036babefdd2beea2f9464b118dc1f9fa8d349bd1ee22a7562e167fc360d93e98076c9001513a4f4079635a472f128a0a0c4cb75

Download Submit