a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
Size

65KB
MD5

ce26d464c21b2820da7807f4287ffc60
SHA1

51bb8d50381986039cafab96b0bf7b27e8a2d483
SHA256

a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585
SHA512

5aa31da7a2b75b99890e3cf9450852cb745e228e200ba14321705ee9799739f45df9af938873391986553ae039e855050be1c71616b337f70438067b913e0daa
SSDEEP

1536:W7ZhA7pApw03vR03vcltdtSsU8Tu8Tmwzw3wLJ7eJ7J:6e7WpwYRYUtdtSsBc3wQ

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (337) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\ConvertFromUninstall.xlsb.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\desktop.ini.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe

C:\Users\Admin\AppData\Local\Temp\a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe
"C:\Users\Admin\AppData\Local\Temp\a163b3f63ac133683e09d3773b56888a8812734f5a03b17f414ad0074804c585N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
65KB

MD5
a2ed1f2797014bb0148721e7744fbf06

SHA1
47305aaa40660fc75dabe9502f8a1bbb40252e46

SHA256
d38bcad91062577698f011271e25f3e603806a43150987da88359ed5bcc75afb

SHA512
2c1b1d00ef451d005df6c0a5d6cebb5bcd0dca49fec51dc7c6ecd6e776faf181beb03eeac081d7f583ef476e3a4234857785576441d030bdd2b8a8c9e4e0a077

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
81e24a4057bb5fe3bb63ed7806da2d64

SHA1
76823f7d7c8f805d62fae99670772abf6d2dfda3

SHA256
688359c8d4a9d92f31ce7e4a0965e744e2bcaa0033561cc5db0d6693ee227907

SHA512
df8e9f4b8ffd8ab650102c4c50d29471266eb576078bf58d4ce52858e4db131d88eb92e2153a02db6a2b41af0456d3e3e897614af68beba940d78f8c835acbef

Download Submit