38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
Size

232KB
MD5

1d79b35d5c1856c4a81f755e3ac5d190
SHA1

10877004c339b0eabbefdf3655b1c2400c6bdb9f
SHA256

38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca
SHA512

ddfe796a571de3387b97cc3ebb584a35d6bbab71c5dfbc525f069b5b54e229052c7f237d59480392660307d2db1b93c4bd04844dbb930b458fabcf02def4ea89
SSDEEP

6144:KiQSoz4HUK4dh5MKeKAQSoz4HUK4dh5MKeKS:VQtze54hmKeKAQtze54hmKeKS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (462) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012294-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/2224-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe

C:\Users\Admin\AppData\Local\Temp\38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe
"C:\Users\Admin\AppData\Local\Temp\38fdd16e23a927baefd739fa8fa90b667c7490f21e80bbfc65aa20b65dc552ca.exe"
1⤵
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
233KB

MD5
3e8b59abe8c806e8519a2b8e85640299

SHA1
fa84cd47d53b43daf439b7b5e88198d0c35639a7

SHA256
738887a026d41e30f31372e0d9cc90436a658dcc35401db69325f82149f194cd

SHA512
620cb54cfdf1fb098dcbf7b849b3ea8dbcc76a1b65fe0983fdeea46d224c5cefac298d063454a262d5d75b1bd70b4d8aed3cea3394e49bd5d1db82b12cba79ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
242KB

MD5
102ab350dbb54519b8e9b5fc7623f695

SHA1
239225d63eee85f8f721d178a2e168db4739de91

SHA256
a39d474fceec5100b4031a71894ff4ee6b7f08008917b54cb5f7809c08cf989c

SHA512
3f51567e6e35765f4cf847db1e825468cfcf00e2497d19e56169f326b23afcbe804ece1240fa408c6c32025bb9199e1a48cf4827d139504cf68845535ea46dbe

Download Submit
memory/2224-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2224-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads