Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 01:03
Behavioral task: behavioral1
Sample: a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
Resource: win10v2004-20240226-en
General
Target: a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
Size: 77KB
MD5: 0007ecc1ec3c771ae7aad3f1eaa1f3c3
SHA1: 7be1cad50dedbde4ed8dd329b197fc19b1d60f83
SHA256: a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d
SHA512: dbe2619ff74df1a2e8a7afea7f740c99abf83c7811739c4ecf319eda63e4233a12e5e9da249be14a691fd253403282ecf79cdd779f46bf35fe7597b1085e1e9b
SSDEEP: 1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8+:+nyiQSoV
Malware Config
Signatures

- Renames multiple (676) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
-
- UPX dump on OEP (original entry point) 4 IoCs
  resource | yara_rule
  behavioral1/memory/2600-0-0x0000000000400000-0x000000000040B000-memory.dmp | UPX, upx
  behavioral1/files/0x000c000000014c67-2.dat | UPX, upx
  behavioral1/files/0x0002000000010481-6.dat | UPX, upx
  behavioral1/memory/2600-68-0x0000000000400000-0x000000000040B000-memory.dmp | UPX, upx
- Drops file in Program Files directory 64 IoCs
  description | ioc | Process
  File created | C:\Program Files\7-Zip\7zCon.sfx.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Internet Explorer\pdm.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\7-Zip\Lang\da.txt.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Internet Explorer\sqmapi.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\7-Zip\License.txt.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\7-Zip\Lang\ro.txt.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Internet Explorer\iediagcmd.exe.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DismountSuspend.vsw.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\7-Zip\Lang\nb.txt.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\7-Zip\Lang\nn.txt.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp | a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 78KB
  MD5: 5255fc80bbb632608b781a9cfdefee22
  SHA1: f9c049a385bf9f45367f172e209e393d14099c43
  SHA256: e45a04a58b30af8dce51892fa07e72f2cc4fd3f41ae42109d9bced2f3c56d92e
  SHA512: 58ccc87e08438b4e9481b2db66dc382992d8c4006ac7ffbf2873b8910182574922fe22dc723c10ea09b07b14a74833c086be32bcf521541ea32c8bfa5476ff81

- Filesize: 87KB
  MD5: 0b3210078399bdc5b764b1c86d52a21a
  SHA1: f1e6579675bb1cccfb8b2b6d9414cb2eb95328e9
  SHA256: 8942a892cb057e56a63ebc48cb1df277529caef99d34ff4d05c9eae8d7ebf243
  SHA512: 7557d64c13fd9743e168dae337bf38a30eaa445a15e97c9fb1d1b57f5953b7aca1c895d4fee7761366d81b5116dd0c31426c611bd2893291b270a7011bea810b