4924b3266615ee57ef0753794857f7ea37909adaea824950448ad3b90a31683a

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52a09d3b2c38590b9435bc40314fbd10N.exe
Size

40KB
MD5

52a09d3b2c38590b9435bc40314fbd10
SHA1

edb97c935f1911085db49df7cb766b9508d4e2bb
SHA256

4924b3266615ee57ef0753794857f7ea37909adaea824950448ad3b90a31683a
SHA512

18fc3691ed2bad256ec115f987c118c7b0291b3c2f0f6705d96a32e3b81f54838a99b7e0da00e86a5ffe56facbb123d459048106e99e9a817d31bcdc08f3f245
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyC:V7Zf/FAxTWoJJZENTNyC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000900000001227c-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2928-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe

C:\Users\Admin\AppData\Local\Temp\52a09d3b2c38590b9435bc40314fbd10N.exe
"C:\Users\Admin\AppData\Local\Temp\52a09d3b2c38590b9435bc40314fbd10N.exe"
1⤵
- Drops file in Program Files directory
PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
40KB

MD5
fd41b194b96c85f8b21323fa8237ea82

SHA1
8f57ba993a2076bc21b4d2288922059200dd6414

SHA256
00747f79e1ee2c9d7585c509b41bea3f62b0721b17b50cc608e280f0cfe00224

SHA512
1794c93e823fc8fb47beda65605a1905d9c20bcb1724d998d2d2040b813c4dffd4fae7cc5e1a6e005666d149bad82a5af6b87520bc1365dd58adf1e0b3a79177

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
8ea21de004f26835136b0a3f6b966264

SHA1
f01d81af861c9e2f9a7ffa42d927cd658ce1fafa

SHA256
545679cdd7672a376443e617c8ce740c6a32390befd8a906ec8da90f64f40513

SHA512
d97b75fd1d64693d5743a0e02f725d1a619511dc730526979cc5609ebac1b9de6ed494b0c6e9b98263df42c7128255dab106ae2ffb9c83876eac43b67ff0f777

Download Submit
memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2928-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads