032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e

Analysis

max time kernel
152s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
Size

107KB
MD5

64baa5340e1d221e510d80d228c878dc
SHA1

7334c581a458f5443c02b128acd6783d33ec09e7
SHA256

032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e
SHA512

2276a4770756e2d21150df7edb25f05718da9bf556b93b3c41ea5af93a22dc56594ca746e9138432e9e1fbb71495cc25ced3fa9f7bcb8b512b31348d93ea7136
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfVyc:hfAIuZAIuYSMjoqtMHfhftEo

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (333) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/3032-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x0008000000012227-2.dat	UPX
behavioral1/files/0x0002000000010469-6.dat	UPX
behavioral1/memory/3032-20-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3032-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0008000000012227-2.dat	upx
behavioral1/files/0x0002000000010469-6.dat	upx
behavioral1/memory/3032-20-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\EditBackup.mov.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe

C:\Users\Admin\AppData\Local\Temp\032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe
"C:\Users\Admin\AppData\Local\Temp\032732b677aa04c6e15e299417f1bed5934adc56973be92f3a6a6bf937faf48e.exe"
1⤵
- Drops file in Program Files directory
PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2461186416-2307104501-1787948496-1000\desktop.ini.tmp

Filesize
107KB

MD5
5fe059dee9dd2e26339318a8c058fbc1

SHA1
77e83ac8bf6fd03af52c62039e56313c334c8129

SHA256
fad7e1ff8ab10f83d5422f89230ca53311477f139dba5ece02bacd957af0f421

SHA512
2fe25fc49b7503c86902c1f2bfd1f98ff0cf4c4948ec0faa7686a69e2a7aaede389b5170a2ab0daf2182f072e0cab41c222ad0ba56b685d7bdf19bca3f05cb8d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
d1140b600e9595e505d7b4fed3874a2f

SHA1
7b77a3c4ace64c790cc1d371791136233fed3724

SHA256
ee71d299ae3ea63a43136cf055a5115b1676a8debd944dd116f93c31026cf685

SHA512
734d360519d742711145910b63ea0e89c1649f32216db5f3a4f39300c91ddb3b55a3b19279d3892b468f0b16c6abd99fd820f3f8a2bda81c1f5f787803a2f0ea

Download Submit
memory/3032-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3032-20-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download