e9fabadafce5a05dc10cecb3659c5dd42b0279c667efd481ef7b85b28baf89a9

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75dc5aec4592539680506cb1d832cc80N.exe
Size

157KB
MD5

75dc5aec4592539680506cb1d832cc80
SHA1

9e11b544974532f5996eab750587dc231e7ad156
SHA256

e9fabadafce5a05dc10cecb3659c5dd42b0279c667efd481ef7b85b28baf89a9
SHA512

56bbc3f271e80c63fb438dc5e0dd923cb15763ee6a76ba7cbd5e9b589ceb411b2bdc384c15baf0672185fec85cf34007009bc879dd9fbfe5ee422140901252e1
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8zx3Y3hx+fsio5UxKzWZ64+A8C4hwj:enaypQSo6VEio5Ua4NX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (303) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1624-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000016d28-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1624-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	75dc5aec4592539680506cb1d832cc80N.exe

C:\Users\Admin\AppData\Local\Temp\75dc5aec4592539680506cb1d832cc80N.exe
"C:\Users\Admin\AppData\Local\Temp\75dc5aec4592539680506cb1d832cc80N.exe"
1⤵
- Drops file in Program Files directory
PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
158KB

MD5
8ddb86cb90bfff09e4b5d033cfe87246

SHA1
564f487276e9bfa65bab097e9f4e3d4a713187bb

SHA256
bb6450ca52f142acedd4e63b45ee7cf77c066e6d352a598aee51c6d951a9b5c6

SHA512
540f82daa82501e1a5f50a6d1ac26dd5d9b02484e67b027599fdc2ae62d6909386893fe7adf1952ad469f08dd34631c98ca04903ddc442046ae8d23c89fcdd09

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
167KB

MD5
90944aeafc71952f900bb301e4af46b9

SHA1
1a22910c20cad23fdf63514f6bba9b5cdfe7e8ea

SHA256
4338867395ac242cb8ee9a1249ba33114ead7bb05efb3c02347f89a496061952

SHA512
5e37f56c117a94819bc57be9c5ca6d7d4a60903433f0824523e59a27956860ba91e073c22e9a5754f68f61f9c9dceb376aa0f993b4f6d507c1d7f5df34a48d23

Download Submit
memory/1624-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1624-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads