18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
Size

39KB
MD5

1650d5467d7996adc5971dc6bba6e4c0
SHA1

68bbebb69eb7576b0d05532ff47c7aa65730b174
SHA256

18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2
SHA512

ffffc73f1f7d367992a56f91c19ccee742bd6af91e28c358df8c10de018f57dad302cac2c702c425ac83b9f631b401846881bfee5efeb1f9b7594f6dc3dd12dc
SSDEEP

768:W7BlpppARFbhjbhQYjY+WyKoIWbsHfySkT5GeQbyi348oWc1RPOzkjId6q8UdrSO:W7ZppApBMyKoIWbsHfySkT5GeCyi348F

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (294) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe

C:\Users\Admin\AppData\Local\Temp\18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe
"C:\Users\Admin\AppData\Local\Temp\18d44bee18f009ae691d3924b305b163141b2528525e388a5bb614f6263396b2N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
39KB

MD5
786d797af91100135b8b1a7a9fe37ff3

SHA1
a44938797d09bfe965efc13525cf680ad5546129

SHA256
04b660e083c45314fb6bb48332dfe76260ddd2d7ee1ae9504fcbe3b6bc225cfb

SHA512
a633b9d5ddb703a9fab6dbcb601bc525453174275f0c498a103790d49534a550cae31ae255e396d5e898d65378a8133825723341133a08782ac7e8a9cea324dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
194caf3d20dbcdc15f2b6b6cf7ac4118

SHA1
bff421e12d129d1701d113c9ed5fe8d5a0080582

SHA256
94ebc07fa37a34d4b394a493004c02d6050200af078f124227c2214ef8eaf41c

SHA512
4072b9df760f094d6bf466a67d8b952e6a40afdedb8f8f8afdc131f30b632dc2e89490c2b27c7faa17fb0a934646e9175af894f792f92406cccba8c14b5eeaac

Download Submit