98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
Size

340KB
MD5

9efe844a512b04337819ba90a5e76bec
SHA1

9b10c99c293a4775eae20065b211d8bb53cec427
SHA256

98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f
SHA512

e9370e916af63707aaf8fe404dadd2952b63b849f20e545ceb682fdb2aefa3616ebd4dfeab6bb47352e218afcd08c9e6647c5887306cac205ac9cf05325c731f
SSDEEP

6144:JiQSo1EZGtKgZGtK/CAIuZAIuxQSo1EZGtKgZGtK/CAIuZAIui:AQtyZGtKgZGtK/CAIuZAIuxQtyZGtKgX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (306) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x0009000000015c23-2.dat	UPX
behavioral1/files/0x0002000000010481-6.dat	UPX
behavioral1/memory/2776-68-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000015c23-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2776-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\EditUse.cr2.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe

C:\Users\Admin\AppData\Local\Temp\98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe
"C:\Users\Admin\AppData\Local\Temp\98323524e9be576534c447dd71717f89d8fa9fe7b67989096cfba3661a3a272f.exe"
1⤵
- Drops file in Program Files directory
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
340KB

MD5
1b0855333e0a71bbacd7a9161a3c8175

SHA1
74d1bb8dcd023793f9154ccae95a7254a52e62e7

SHA256
9354ee57df7298d6db8b6b8bbe926a9dfec715f8508113b705623fdd2e0a6d59

SHA512
a23b216c64cf33558b19e5533dad384129d33b925e0162f1f91b4d0eddeb74d42b4588c46a680b976c13aff55d18ca97bce17f65324c25ba7c7d4f8b2f264c56

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
349KB

MD5
ea5f4f02f9ba411a32ffaf9a3d66d76f

SHA1
bb0064b599eaa4afda7c6505e162f27536272b07

SHA256
27d630e439fddd219c5ab90ec83ce2702e63656a5051f9b05de15c30f0f92cd1

SHA512
3890020b66a11593b02e012ca84edb71b469900ba947d3c8fb75a32046976ff7abfa0e71ec0ac909ed128292a43ae0780af4ad0abf36d327d75dd35f9809b08f

Download Submit
memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2776-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download