280c4d720cec0ca2daf60656c311eb04f8c8dc17004825a50813ddc46fe45ffa

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acad23acb1370045429dd5133d7c6786.exe
Size

164KB
MD5

acad23acb1370045429dd5133d7c6786
SHA1

74d27bc23f5b16d54e2f32570c3e2e251fcda962
SHA256

280c4d720cec0ca2daf60656c311eb04f8c8dc17004825a50813ddc46fe45ffa
SHA512

82ca1d4e63babf8389c6c56d448fbe28ad464d0d633815111b4abe13a33f4b2dc0b834d1f715fb7cb33d08adf4da22853e1ad9a652a563cc414b6ebcedfd8bb2
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJBu:KQSo1EZGtKgZGtK/PgtU1wAIuZAIu+

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000e000000015a98-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2684-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\desktop.ini.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	acad23acb1370045429dd5133d7c6786.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	acad23acb1370045429dd5133d7c6786.exe

C:\Users\Admin\AppData\Local\Temp\acad23acb1370045429dd5133d7c6786.exe
"C:\Users\Admin\AppData\Local\Temp\acad23acb1370045429dd5133d7c6786.exe"
1⤵
- Drops file in Program Files directory
PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
164KB

MD5
432d3df30ac84d9d64d456361c49cb05

SHA1
ed4e0ba24895b6d6a8671a9326c1b7b26fa13132

SHA256
b09f2ef6d6f551b994d1269e94c2e0a993158956dc4bbdec3bc687adaa0fa09d

SHA512
9ecad2c9f8c9bfda9abab9b64935d9e917d6d09a119750ffb5529a7a3e27cd6fda6581eed940103b46d11052742d110c0d13686aa3cfc0f4f5299cf1a1849672

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
173KB

MD5
287c0f85f61f9e8a985b05b7a32abf4d

SHA1
15e4f907159e9e0f11c94069ed41398a816c5163

SHA256
896c4b999e76dd6f262365a4b3396d7f77b405059b1447612b25ee53def9fb60

SHA512
a2dbd3192b4f2ff082042603fe7947902a4b1cebe09f4656a299b27476c37a555fd0e31e5aad909576e4b0120b669e1141c000e57029677e63386e5c0666443d

Download Submit
memory/2684-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2684-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads