f671db42d468316f84597075d83ef8b95715405aa4c91a97bcb735b7b4371806

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9453e491633ef0b4a9cdf17ed6865a11.exe
Size

1.3MB
MD5

9453e491633ef0b4a9cdf17ed6865a11
SHA1

a33e0238ecfcffced47a81340c6eafd79753e46e
SHA256

f671db42d468316f84597075d83ef8b95715405aa4c91a97bcb735b7b4371806
SHA512

cb02dd8f4e8b08bea5d80fdf0d8fb9adc5f191d2d2c840da9cd4cf44dbbaa47575b4b95ec19b660958dde9137495f4a1172064bde7d1f808bd00ba68490bc621
SSDEEP

12288:7AIuZAIuOylj05a55PJQHbuZ/kPlWzsiqL1SWb3bqnw6wNHy0N0/AnQ63zg2nzTI:Iw5Qyc+Aqw6KH+AQ6g2zTHqv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (584) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d00000001342b-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2188-162-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe

C:\Users\Admin\AppData\Local\Temp\9453e491633ef0b4a9cdf17ed6865a11.exe
"C:\Users\Admin\AppData\Local\Temp\9453e491633ef0b4a9cdf17ed6865a11.exe"
1⤵
- Drops file in Program Files directory
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
1.3MB

MD5
4820f6de372727eed3358b5f359f8a06

SHA1
a17dfdb03f8f0f3f4b871976e3da9de802d657ad

SHA256
ab7bc9e2dc92e537e5ffb94c6a8894585e7f5840d30988d64d56e0c96bf122de

SHA512
b20f9eacef682b23f86e1a32d9c7b0911e4872477fae8de85174ca59692eadd2c54400226bcde5a91c47ab028549bf084035e8ef2316e33027c1bb5c61afb3f5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.3MB

MD5
60dbfd6a21b92196692cbfd22208c4b8

SHA1
a82309f1bdc562526b1dca5f3ee6169d33da73c5

SHA256
701a243a19a4ea6dab2a1be1afdf486435fc84805c541eb63b82d9453d7ef116

SHA512
1d82b32e423dd62791b6f064d5a05604047ab9a479e8c47fb4e26ed70659f68a35ebbca3e22a11c169db63c0111151c50bece59a36887c2ed15e25ddd69e85bc

Download Submit
memory/2188-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2188-162-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads