3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e

Analysis

max time kernel
151s
max time network
131s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
Size

241KB
MD5

9d6304e9d6e12b2e74f3e744ffd3c350
SHA1

87ad73482c27fd6e3ebc39f5bbe1f3be0b915860
SHA256

3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e
SHA512

01f111a3e57c580d9a47da7e461c44dd9bf4b869b8ff9ca843c267c9ddc814d38b26f82ec7a9b1f88ddae80491535d213b3003faa5e9babbf00de54a2cab1dc9
SSDEEP

3072:fnyiQSo7Z54HZKMx4dhECVTQSo7Z54HZKMx4dhECVH:KiQSoz4HUK4dh5TQSoz4HUK4dh5H

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (241) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001229f-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/1704-44-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe

C:\Users\Admin\AppData\Local\Temp\3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
"C:\Users\Admin\AppData\Local\Temp\3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe"
1⤵
- Drops file in Program Files directory
PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
241KB

MD5
ba130c5277595123a4e770883e1d3331

SHA1
1b28438b3cf55682286cf62f9f69285b3b12d0ab

SHA256
2ada2fd58964a29de3ce0f716cc75284400c83f71f7a976ec7f794ef7846aade

SHA512
72ff08a8ed34125fd372136471b4a1ad2c7d7d59941e56ec39f69a5b7b96fa281bbc364a93ae9db78127390addf213046f61da0a5738d86804e6c25ebc69659a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
250KB

MD5
0262c9871cada89122fa833390d16c68

SHA1
d1c1e5db2aa0d963fc839bc23179b711cd7b697e

SHA256
635c13ac03a9b3b18e3ec1283f9c5eccdf9aa2178ee1051b64608d9ddbb943a9

SHA512
34b4289703453adf8c6531fda85056910cafb2965278492519a93d2018d03c73b61545bb3082c9d0fff341640440f0f67e7f8fa5cd273fb99ec8f63f4cd3cbea

Download Submit
memory/1704-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1704-44-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads