df44a95f85d146c83e1b72c96b7671ba1223854e0dca1da88f23ab25230253a0

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 22:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a859e3eebacfb72969188844e5821c0N.exe
Size

44KB
MD5

1a859e3eebacfb72969188844e5821c0
SHA1

17b059416c5a02e645d94502423d3f7face94cd6
SHA256

df44a95f85d146c83e1b72c96b7671ba1223854e0dca1da88f23ab25230253a0
SHA512

a006c1fbe0f7fadcda5c95dc4a8977add617f6d3774399aa46721766cb79f92bc66718c4990ef9b3e4b55b2d205b5caeed098006295b9639a17f452a206bf545
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIx:CTWn1++PJHJXA/OsIZfzc3/Q8IZ3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (291) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d0000000141f5-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2056-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	1a859e3eebacfb72969188844e5821c0N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	1a859e3eebacfb72969188844e5821c0N.exe

C:\Users\Admin\AppData\Local\Temp\1a859e3eebacfb72969188844e5821c0N.exe
"C:\Users\Admin\AppData\Local\Temp\1a859e3eebacfb72969188844e5821c0N.exe"
1⤵
- Drops file in Program Files directory
PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
44KB

MD5
4d5b509d924eee99a0341d57cac171fe

SHA1
ee1760c7326a00c0cb9f0f9ae0c7c907d297871f

SHA256
ea466419bc4dd6a2f9f0e313162e3152640b13e2c10077f86284f499f96b3e69

SHA512
334f176ca857ebbf271da916da1c6df6cd2750fa19265180ac5249a6ce28047bb5b3355ceb76416b5fad7ee3154475f798c43f3d721aeed437b2fd65b9a7a6b8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
7f62e1bfbd32f5d86d777e5b7d0b3d0e

SHA1
ceac714aff7514d9032adc0fad74a398a7634e70

SHA256
e1b35466c7c697338607964b0bc69ad2969b2656200492c74d31077c62a0e3a4

SHA512
b844f763c85b777e6b1259a0efef0d441dbdf36612da25465c676ae426a092e3ca90b59eda65dc42502a42be78c1ee60762b0676e6b68087dda218638a5a3384

Download Submit
memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2056-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads