6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
Size

86KB
MD5

d28d19fa1736c5e3c92c92d8328c220d
SHA1

8eb4277d032a73d655138be5c888cfe91dc3b7b7
SHA256

6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155
SHA512

ec87fe88fe5d898755208c14de0adf6b1106cf73b8137fde3cfc7e60c05f48c3f0b3f8ab932fa217db5287bd2b01d18b1d69bd708ce610b90837a0f980dfe600
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8yiDGugs:fnyiQSoWgs

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (518) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1688-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000d000000014909-2.dat	UPX
behavioral1/files/0x0002000000010481-6.dat	UPX
behavioral1/memory/1688-62-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1688-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000014909-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1688-62-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\EditStop.avi.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DebugNew.docx.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe

C:\Users\Admin\AppData\Local\Temp\6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe
"C:\Users\Admin\AppData\Local\Temp\6b953222e142af2b0afafeb28007b3f3d991263e00ce1de4828032e324b31155.exe"
1⤵
- Drops file in Program Files directory
PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
87KB

MD5
45f721616d49bb5c033831f0c7315ce9

SHA1
0cc8bafc69c804342dfc01387ac551c89f848025

SHA256
fcf65d384debb2f79c1592af7c4ddf6fd1d6d2c416c289dc626c53dd234fc19e

SHA512
35bbdad073523d2ab01b7d5b2afbb016aa9b80022d34ea5196307e5f4bf1e0c22472d22047369e03376a4f8308ae6e6455e91a0e02cc2c8f11af36d464d5bd44

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
164766ce1f20273d8dd98707e534363f

SHA1
b6bae45d0c6886b1089f03b011bad29126e60375

SHA256
9df812770b04b47d3bbea9b16bee92346c80fb701f73cc7675d12df3f3ffc75b

SHA512
59369f314ceeea5d4ad2083189bb8600b8199ad4cbb6cce971d7b894554fbea666527284107fcabcd9f05d70912cd8687a9ae139b3d7ed15a21b71464f93384f

Download Submit
memory/1688-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1688-62-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download