bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
Size

69KB
MD5

f997e599ed22fb4bb4713de12448f793
SHA1

433d2cf761cbe918f53558fed97f2675397f0bd5
SHA256

bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc
SHA512

a933f8800995cd16d9616154d93d96a196936d7b8b317d70dca59bf56e110aab64077b3354aced110593aac363d14b9bfdab0248a141b7b103624903c552f836
SSDEEP

768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniX74l4O:a7ZyqaFAlsr1++PJHJXFAIuZAIuA87

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (589) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1152-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000b000000015a2d-2.dat	UPX
behavioral1/files/0x0002000000010481-6.dat	UPX
behavioral1/memory/1152-68-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000015a2d-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1152-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\desktop.ini.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe

C:\Users\Admin\AppData\Local\Temp\bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe
"C:\Users\Admin\AppData\Local\Temp\bd4fd59f40ea677d6d19ed43395772faf8174b91b19f3cd1d41b8390448ea9fc.exe"
1⤵
- Drops file in Program Files directory
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
69KB

MD5
204003b4d9e9ffb608709a59d040dc2a

SHA1
5b184cdf82de87cccee3f9ef7fc71d4e30e223f0

SHA256
33838fc390e764c9f2fc54c209e5a2d4b331b32bdef8c17044633b25a93fd711

SHA512
728a629bf77e20a8201642dfc2447889d95a98b14b5f3cc6c52869537509b205696b6bb7db31579e7bcf85ff64696274b4390563308964a29babba2c4a77d8c1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
645a445b8614d2c71cef8dfa94443e30

SHA1
27a12c688ff040f136ef71ffca33fd81a38a79ee

SHA256
efb49e0c0040076d189c629510fdf6f786859aab39c1c28b8994dacb14423d47

SHA512
2ea4af54a8fa293306fe34df86bb4b2b8e4a71f99fc9e55850abe75663de04de75807f3fc9129e113a51778c7b5ccf5d61a5a862b64d78da53e6bc5c872a9d9f

Download Submit
memory/1152-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1152-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download