45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
Size

49KB
MD5

c701fc223aad55f6eb6b3ffe260f8a86
SHA1

51db080db3fb9187e2588dba0ace0bf4e6f7379e
SHA256

45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7
SHA512

e3705d8820b896c0e7ed93585cb25762feb6f90dfc0fc75f4c7f2df130faca70f3f71e156511f7d9f2bd8d869f80251a3dc0d5f6ac1c36c10023047e5ac67607
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzK:CTWn1++PJHJXA/OsIZfzc3/Q8zxg

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (487) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1684-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00090000000177da-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1684-18-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\CopyDisable.wav.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe

C:\Users\Admin\AppData\Local\Temp\45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe
"C:\Users\Admin\AppData\Local\Temp\45f3aa645b9b0d8ec4da494383804c5308db65e80ae255c860c3349935ea87c7.exe"
1⤵
- Drops file in Program Files directory
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
49KB

MD5
365810ab6ea1c2a8faa2d01d2ce9d007

SHA1
a1a777a9356c789467d80882aef1b807b8b7787f

SHA256
d01259614d2927a908fae9f6fb9ecdeb63cb90516ff29bf0ae6dc82f75303717

SHA512
148638f2edcfdf2798d1dcffe8ba8019592791d7e50bbaaec2e72834e7ebc89349b7e902ecef317ee3e8099ed11161a6e294c1ad9220d8679cd223e142a4fb8b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
dabf27e32dcca5a7a6a3360902d7ed39

SHA1
29d3c6a1b736a8e606c5386b4bfb9c1cf5335e1e

SHA256
8adbb16c11e3c66661af5e0ae271da1d3a85904453eb2a54091c2f63eea96861

SHA512
3e5d1f3bd99ce34c94448f30506af15d2bd2f6abd1697e050bff794a42376bab0afbd11bce0b48038348add142290bd5c3ed4bd1726a097147d4ce0a7e04d627

Download Submit
memory/1684-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-18-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads