b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458

Analysis

max time kernel
149s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
Size

59KB
MD5

ddf97953ef90ca9270eb8f0ac4a88e68
SHA1

27dc9ca712790681f61f17db6e9b412cde8d0636
SHA256

b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458
SHA512

77f6d4482bdb967662ab7009610780e35a715d5c15baf5d1091ec6726d5e8817ae0abec3a3e5cf25bf0db22ed69571de71295bc8f71288ada2c30356b6697507
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rG:V7Zf/FAxTWxOmO/fxRfx/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (478) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000016d58-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2816-50-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe

C:\Users\Admin\AppData\Local\Temp\b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe
"C:\Users\Admin\AppData\Local\Temp\b7dd43ade8cd46e7a67d4bfb94ece400f5b812f6da9ec80ad307eeee0c741458.exe"
1⤵
- Drops file in Program Files directory
PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
59KB

MD5
3ab3fd8257b1b6c6c449021756bc3303

SHA1
d9278377019c79896a4d1f50305f99ef4eb6300e

SHA256
1178a201e727149c12bd1529f86d35370bce60e8644810a2a6728091e16bf221

SHA512
a543664611745eb6abf26ab908c8ca859ca744cadbb34ac47dd6d725648a6ca0b0f3dcb421f52e5286268764a7cba7de24cb74d67a3b4d3e803ee3841fad27b5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
1d267d554625c298c52a7e2b6baab447

SHA1
77c280a97af2f0e9588eae1bb3b15861c7ab34fc

SHA256
7193642f9f10495648cd0754b2e4794ebc22f692cefe5cdfa415d717ca1671c3

SHA512
6dd36123e71d50da81c9bb10fbee04538555d5883f5ffe7f8e81d0f3f5144f011a1d8da84e8567eae8c8f72154fdcf7ccffe7c1178e40af3cdebdb5200824edc

Download Submit
memory/2816-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2816-50-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads