04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 18:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
Size

2.7MB
MD5

1d13019116a874f521ffedcb96e8ffad
SHA1

6045975f9ca8dfb17752cad12dcc28e69272e597
SHA256

04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6
SHA512

29e04c201fbc61e818c45092e2b9d970a32e4850b8669e14f5c423142b79cb5710efd4dc0eb137e6dddce4790afa035f3d08e74b6ab40b0dd4f5ee943fdd1be8
SSDEEP

49152:VefR6OWEYqc+A7muks/AouA7CP57A7mC33:kfR6OWEg+A7muknoNChA7mCH

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (230) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2932-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x0007000000012120-2.dat	UPX
behavioral1/files/0x000200000001048e-6.dat	UPX
behavioral1/memory/2932-120-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012120-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2932-120-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\ConfirmUse.reg.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\CompareHide.doc.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe

C:\Users\Admin\AppData\Local\Temp\04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe
"C:\Users\Admin\AppData\Local\Temp\04c65a5b5829f8adcc1c7183e44991d2a5a40c894d408022b606e20b19813ba6.exe"
1⤵
- Drops file in Program Files directory
PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
2.7MB

MD5
0877a89141dde3a49d5b3b714f334ac1

SHA1
919e8d2cdcaf2a044bb02b51530a4fccc1c62d3c

SHA256
8ec380601b4ef409c7af318d0aa250a00783419f5d530343a54216a43127bbba

SHA512
a3353ed93e66929321f9fd7dd8d517d116bdf168f3f635cd2b431c81d1b0c4ce7a6d2e8d739c0f0ba6c2eea7a0f8bb896e87c1f5be7f1acb4f8a7ce5c1386b6c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
2.7MB

MD5
2b552e55378981a82d0d2a010dc5819e

SHA1
d09e43df665a2d09babe70175cd026cea8f0dae9

SHA256
1d8a05dd2194360671d94043529d886a996e90b7efab1dcf6ec710c8097f0159

SHA512
c7e688bbc72056fe9f12e57c0405cbaceb485957be6b8a3439e4372efd05ef6515f3d7f7d89ec45d79001096de83d82020cd9b4ebda82032268ee93298f27ac5

Download Submit
memory/2932-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2932-120-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download