c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
Size

42KB
MD5

d8315bf38f859f5b36ccc8a0765e67b0
SHA1

3747e5fbb5af9e9c135af3690adf6a98ff42f403
SHA256

c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347
SHA512

70b5754b5738e81d0bc3b3b7a4e4d3023a4bd729c5b319510b0a3d792b622b4414762263bb2c9e11780c18349b62eb42b09955655a97219e619e05468b2cfca8
SSDEEP

384:GBt7Br5xjL9A7AgA71Fbhvnqj7jU7ubTAgpbuvx10AaIdKB7ubTAgpbuvx10AaIr:W7BlphA7pARFbhL801VvM801Vvv7I+J

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (475) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe

C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe
"C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
43KB

MD5
c724833703e1fb8a53fb1dd6f8564d14

SHA1
73c8c1674843bd720ffbc8c19992c160313fb849

SHA256
c861230fbd1f55b5b1f43cfa9b00a915c1a3ce638382155a7946f50f3539053a

SHA512
462994d1ab3138142669bdc97f4d3881db5828495d251e2dc6a9025936e7f53e0cd2b2a8147e434a0f8854d625264c897cb79a63304c57f9854313ca3d63ed4c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
08dae61060371478db2ecc52e894a17a

SHA1
f036c019b5f47affd66fade01b7e8fc4997f3110

SHA256
19b29f66b577c305f4c8bab22a8c1200365f524676eb8c3cf5c59a3092007d89

SHA512
216c55471b7cf5c8489526b0a361285aa729124697c7f48d5d8ffd64355ebf1a367225b9a6d30adae3616746781f113676a1f30a16b26fcfb063fccec063867e

Download Submit