90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31

Analysis

max time kernel
147s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
Size

88KB
MD5

8c1e29f801729133afb103743144abfb
SHA1

f5165bad251e1fa2e0247d4d3f8a05ff65e798db
SHA256

90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31
SHA512

3a23e98805b57719acdd91995a9f774af9fdb7cf647081cb17e634b259811764021994b5ee1c373769d0c6f151c87176ed97f1eb5700501085bf992459637c28
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx6l:fnyiQSoFl

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (552) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000d000000015612-2.dat	UPX
behavioral1/files/0x000200000001047e-6.dat	UPX
behavioral1/memory/1932-70-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000015612-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/1932-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe

C:\Users\Admin\AppData\Local\Temp\90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe
"C:\Users\Admin\AppData\Local\Temp\90069de9e81184adb2355047d65a4096a9afbf38cb53e879493bce0cb120ad31.exe"
1⤵
- Drops file in Program Files directory
PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
88KB

MD5
308861effa6f9d3713fbd4b1b3e8efde

SHA1
a00048a4b79574a544256b7c2d8273d05a26147c

SHA256
df0fe10e6ca250e4ee7b28146b16cc95e57e5663a393f6e3831a7e8c6ab4bce3

SHA512
192e560614511b6e68f12331e64d5a81ad9f78e081866602bd2f02df42d50ac033ac29d8f0b7454d85912becc5e3f677da21770f118b7162d2f1b9b43ac810dc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
d29ef27b212561caf61a3d559f857c91

SHA1
0ec8b05562c306e009f2556121611e78173efa16

SHA256
1e5e41b582deba55d398ea2b85d4d96de4f98d9d8d1193bd4053e69892480397

SHA512
d5b6d04b02ed9495478c30d6642c1f3f5d3aeebae0d7be58b7c9330b7f543984e5af7f17d8bb80cddc587e400ec6a93d964d2b93dc013c7ede4d69ffd27a2baf

Download Submit
memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1932-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download