5ccf4617d33cf04f7daa3c518991c32dcaf4011dd84ffe4ef620da96614f555f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fea226aa1687bfc48c402bdfc082bc0N.exe
Size

867KB
MD5

2fea226aa1687bfc48c402bdfc082bc0
SHA1

af230a1407c131e68934a6790a1c0e1282294a66
SHA256

5ccf4617d33cf04f7daa3c518991c32dcaf4011dd84ffe4ef620da96614f555f
SHA512

a1f90ec62e5ccb80cbd8da446a117b2d589533eeaf2e59827ef8667b4262b170d16f95b291c9f25bfaf2d60c6441fa0e67ee7930e7a2c4e83d7a49f269b30257
SSDEEP

24576:VI9CAqKCYtR89d4f9g3T+jVHtd31gDrdXJ4QgIaxRks0eBHOYgVss0fdg+Iby6vI:VAnqkP2wOHvglem

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (525) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2304-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001227f-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\FormatUnblock.snd.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe

C:\Users\Admin\AppData\Local\Temp\2fea226aa1687bfc48c402bdfc082bc0N.exe
"C:\Users\Admin\AppData\Local\Temp\2fea226aa1687bfc48c402bdfc082bc0N.exe"
1⤵
- Drops file in Program Files directory
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
867KB

MD5
2b88f394efb883471c0de76da137bb62

SHA1
a61c999804ec37f380df1a6a8d7868feeb0ea0f4

SHA256
f006d72da395d77dc618f8e8e912b87acdf551680225c5dd8e2d659ade06020c

SHA512
3e0a9986edef70d5166bf41205f67ec3456e3c10a42b34335098e07a27801f236a277b04467c99aa69ce352b2780fdaf12145dda0145dc34bbd446dd4550b5e3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
876KB

MD5
d5614c472ef896eac5a81f120652387d

SHA1
325474e54d58b148f4ac5ad1557f53735c208ccc

SHA256
430471939e2636cd81689f40e32d650b437f5ece805b2e22451572c64d659237

SHA512
9f1ed8aee0cf2e1d5835f0d9df892f867dac965eafdab7124987882fcc0c703e902329f393e404d5d1617e8c13bcb6f02335749cfd9d33a842b1b8fb9a31aac1

Download Submit
memory/2304-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads