45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642

Analysis

max time kernel
60s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
Size

168KB
MD5

5259dd176f790bf589b6cc770ff33d6e
SHA1

b999509fed334cf3bc149796e115ec6c39e05793
SHA256

45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642
SHA512

808995dce53b8614e1253548f5a0c997aeffcc3278a88d18174f0ba968aa57159a3913d814ce6ca839d2c7147d5cabc13d69682a06355be64a197801a937a744
SSDEEP

3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBt:RqKB+tOkWKR0iJ0h

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (484) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\HideResume.ADT.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe

C:\Users\Admin\AppData\Local\Temp\45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe
"C:\Users\Admin\AppData\Local\Temp\45cced02005d4a40e0e5fb3064ae46c64b7210c70a0628c90deff4a15f1f4642.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
168KB

MD5
68bbddb059d4cfb7bd5380e12bd21e8f

SHA1
aa1d2750987f3e2787ab10da0541ba15f4e1106f

SHA256
161d6d5fb366c252bc495cf08bddb3f6b2c213c50dda6ff4cdbbfc8f0758b200

SHA512
1ddc695521ee6b862d002b63545993f68fbc129aea3bf25cfd7c245c12830f448ad2b5168c2dbfa4e2ae56af58cb5b612b63c03d179da91c1e60bd4a624c98c5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
177KB

MD5
f9ea423c31dd9d7e8f4c8b57e07b32d8

SHA1
c9629fb6a445c2501a95a5a423d484427afdca58

SHA256
324ba00c20fb3c097f7682ec1eaf6418ba8ad3e6468b71f53787b2a09617b1f7

SHA512
1d69858a8b31521b1d89fe11c953b8317a74bac0fd655b0f4d0efe8a6adee05bb35768f39c4b1a2e6e83e801a29e3639ea29ce5da5f57d04b6925b52f7fc7371

Download Submit