8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
Size

48KB
MD5

1f7d21ff139fee73673b31841d9da526
SHA1

ab8e61d517092e7c755ab9c3830b273a4b9cb633
SHA256

8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d
SHA512

7be2d007521e7f9adb1ddfeee80d0f0e3cb37d1e6a63507704df2d2c57151f375b6062b923c5abed7b324ddf0720bd78a599804d8c0de793673f4c49caf864ef
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rk:V7Zf/FAxTWYXgXO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (616) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1140-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0004000000017801-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1140-64-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DisableUnlock.htm.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe

C:\Users\Admin\AppData\Local\Temp\8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe
"C:\Users\Admin\AppData\Local\Temp\8e68e797cd2ff8da327920511163c3a90913e8077119cf927ea3272b283ba00d.exe"
1⤵
- Drops file in Program Files directory
PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
48KB

MD5
331bfd96085386eb89663d1fc3184465

SHA1
995924f2b23e6b2632cc1b877c63dc717414f136

SHA256
d2f7557b86c5864998bd5a1b95675149adb897265ad3d182636fc0c5b6a0d739

SHA512
8a97d7ff595f90b2ccce1f4ea22e114c0a4f6858585461d0371d3df137eab6d1bac6b5d55efad82a8babb19ed3c1f88c4a7938f2c209259cab5bcebe51041b76

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
11554f4374fcd219f285a0c8851b98d4

SHA1
732e22e4d34bfa53cce923113c88f57ccb8b9768

SHA256
fa7e7e979d0cbdfa3212e6a4382217282f3a6442e3e3a1fb16881f2c62a50aa7

SHA512
6083d35dabd66752c397d4b84a274ce054ecd312f11ce117acf07ee2ba7a86f192fb87c56bf812724e87c4f49613d90428a9999aaeeb636e76cfaaeedda19146

Download Submit
memory/1140-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1140-64-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads