321b1d66f9a2377cbcf03a2e3766c31e6a1f77976d8ea67b4fbafcf6dd2c87f9

Analysis

max time kernel
21s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6629f94ef85a8c02d363d6fc92bd3310N.exe
Size

63KB
MD5

6629f94ef85a8c02d363d6fc92bd3310
SHA1

64c7a7fd88dd81fb7d1f1bd77fd056252ab9d16e
SHA256

321b1d66f9a2377cbcf03a2e3766c31e6a1f77976d8ea67b4fbafcf6dd2c87f9
SHA512

710c3ddf8705c1f0edc89e4535a3310995e0eb1e6074ca33280db295cfda587a821b245227b01d0bde786266df3bdbe724fab1d3262bc10aa6a7d66414729ba7
SSDEEP

768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFZhfX58Q:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX56

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000120f8-2.dat	upx
behavioral1/memory/2676-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/2676-662-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\AddRename.asf.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	6629f94ef85a8c02d363d6fc92bd3310N.exe

C:\Users\Admin\AppData\Local\Temp\6629f94ef85a8c02d363d6fc92bd3310N.exe
"C:\Users\Admin\AppData\Local\Temp\6629f94ef85a8c02d363d6fc92bd3310N.exe"
1⤵
- Drops file in Program Files directory
PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
64KB

MD5
85b0d274ab370a73be42bab5476f88da

SHA1
37a0ebe049d60fc01b9f5f724d9821a3bf3ea549

SHA256
ab294d747681745aad6cc9a0a88328116ed04cc5b10582eb9127fb485aa40e21

SHA512
e89d8ec168497fb2a3a637c5735221099a296db5acddb3eda37b58e19facebc34fa1ca52f11b6527e79c4ed103d577ca36677d075cbc68051a918b9ba52feacd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
8c27c531d4b4fd5fa6c2432687ba7181

SHA1
08a1907e1103b2f56b71fe61276ba36bdfe17a85

SHA256
7092f02fca3a09ec5ab9034f643c9efae4fb05533d741807e895bd1721d9a106

SHA512
c4360194421997d51f87e2bfa1f0a836b94fe8dcf146691bc0511bffa558de5f06335b035211f5aee547fcaa6b55022cb63e08ec429946eb04689c09aa8cdf05

Download Submit
memory/2676-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2676-662-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads