47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1

Analysis

max time kernel
65s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
Size

156KB
MD5

9d353cfa70872775e51f346cd54240b0
SHA1

a41b6644418560783641c9685629e38d56c77627
SHA256

47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1
SHA512

b7ba204e3e4345d78d92cd42875f8254beaaba45749f3c29699e920ac65a81c2afa2ba3e71d8a6e91d8fafecdeab2db9d5d097267bbb7ff25b1d6cd122a0bb98
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8OyZ2FdldzTWn1++PJHJXA/OsIZfzc3/L:fnyiQSonyZ2FdldXQSonyZ2FdldS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3008-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000e000000012286-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/3008-48-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe

C:\Users\Admin\AppData\Local\Temp\47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe
"C:\Users\Admin\AppData\Local\Temp\47d84dba7bf08deff22a7badf5e927eca28fe5fbd769ab2a1c5163ca612bfef1.exe"
1⤵
- Drops file in Program Files directory
PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
157KB

MD5
0e442ea6c65f326a2aee3c07977fff7b

SHA1
8e74af6b6f45bd760422ef0b5ec6b48c2e3c1409

SHA256
e670fbd566ad5fcaa88e4d1eebb82d0a8c20af5151408c180226578712d10310

SHA512
5ec2573087acaff8d6f3b093332cd43f12966055034605cfa8374b4dc57780ec0f536802c0fa38ee205de2e66937dbf079d32e9bb857669b3eaa5e35805f3136

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
166KB

MD5
0b233c5cfec8f13fc1624c68171712f3

SHA1
b8f1369b1abf925d14ea76152dcb338e7edd1482

SHA256
3edc903e8a3dcc4194dbb7a162a40a6b09958357ed7049094dfc2c61f122ca01

SHA512
5c4fe95f822a1c53635919f4261fe03ecf77c79feab9c00806ca35173927eee41bf9f5cc59ef743f93e715aa869240dacbe4f6970e61293051596c4d3280d655

Download Submit
memory/3008-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3008-48-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads