2d59c13622be9fa71a79c7266766977b2de534d444ab7711338a89273570f65d

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 22:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ce2ec8a2e441aa8c42101aee01d7420N.exe
Size

125KB
MD5

2ce2ec8a2e441aa8c42101aee01d7420
SHA1

3a6ee2310a9b4e448f032c584445fbb43d9b0fee
SHA256

2d59c13622be9fa71a79c7266766977b2de534d444ab7711338a89273570f65d
SHA512

f2e4b875d5277aee5f821a0eaa7bbbf9f4948cef45674f74837d053a44388f56c9bdb448a66d3bc341286d66ffadb4356a944f2fb3f6c0702735c05279a05b8c
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZv2nTWn1++PJHJXA/OsIZfzc3/Q8IZG:fnyiQSo7Zv2jQSo7Zv21

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (322) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2476-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000014968-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2476-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	2ce2ec8a2e441aa8c42101aee01d7420N.exe

C:\Users\Admin\AppData\Local\Temp\2ce2ec8a2e441aa8c42101aee01d7420N.exe
"C:\Users\Admin\AppData\Local\Temp\2ce2ec8a2e441aa8c42101aee01d7420N.exe"
1⤵
- Drops file in Program Files directory
PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
126KB

MD5
56cdc1fad5be58fd7ba337fd20fb6e20

SHA1
e97b4f0df35c635d6a647920b942eb03bb32daee

SHA256
24c1365d583d47ed01631bbf8a5c8c68088313f9f3a7fffb709cc75bd83a2752

SHA512
0d95234e8b2fa1920370a2e7e812cc2dec02dce443445fb341eb554b81b4c509168de384cd318819f6d735def022669ae2775e12fd0ee22254ef95ea115a956f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
135KB

MD5
8dd17e6ff99a22ec221d4337c112d651

SHA1
054c11baded53c915083e0f47bee00bf5f27b38a

SHA256
fadb1e7ddbde0ab8d88417038603caf7879651575860335075387b9c34ba8f53

SHA512
8a16606c6bd66331f36df49c6b735608f2b5a20adf744d041f394218f82888f079a83baa6b21bb1d44a23872801d3197b79cfeaa3e6e9c732203a4ebb0177771

Download Submit
memory/2476-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2476-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads